+ * The servlet container uses this interface to create a session between an HTTP + * client and an HTTP server. The session persists for a specified time period, + * across more than one connection or page request from the user. A session + * usually corresponds to one user, who may visit a site many times. The server + * can maintain a session in many ways such as using cookies or rewriting URLs. + *
+ * This interface allows servlets to + *
+ * When an application stores an object in or removes an object from a session, + * the session checks whether the object implements + * {@link HttpSessionBindingListener}. If it does, the servlet notifies the + * object that it has been bound to or unbound from the session. Notifications + * are sent after the binding methods complete. For session that are invalidated + * or expire, notifications are sent after the session has been invalidated or + * expired. + *
+ * When container migrates a session between VMs in a distributed container + * setting, all session attributes implementing the + * {@link HttpSessionActivationListener} interface are notified. + *
+ * A servlet should be able to handle cases in which the client does not choose
+ * to join a session, such as when cookies are intentionally turned off. Until
+ * the client joins the session, isNew returns true.
+ * If the client chooses not to join the session, getSession will
+ * return a different session on each request, and isNew will
+ * always return true.
+ *
+ * Session information is scoped only to the current web application (
+ * ServletContext), so information stored in one context will not
+ * be directly visible in another.
+ *
+ * @see HttpSessionBindingListener
+ */
+public interface HttpSession {
+
+ /**
+ * Returns the time when this session was created, measured in milliseconds
+ * since midnight January 1, 1970 GMT.
+ *
+ * @return a long specifying when this session was created,
+ * expressed in milliseconds since 1/1/1970 GMT
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ */
+ public long getCreationTime();
+
+ /**
+ * Returns a string containing the unique identifier assigned to this
+ * session. The identifier is assigned by the servlet container and is
+ * implementation dependent.
+ *
+ * @return a string specifying the identifier assigned to this session
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ */
+ public String getId();
+
+ /**
+ * Returns the last time the client sent a request associated with this
+ * session, as the number of milliseconds since midnight January 1, 1970
+ * GMT, and marked by the time the container received the request.
+ *
+ * Actions that your application takes, such as getting or setting a value
+ * associated with the session, do not affect the access time.
+ *
+ * @return a
+ * After this method executes, and if the new object implements
+ *
+ * If an object was already bound to this session of this name that
+ * implements
+ * If the value passed in is null, this has the same effect as calling
+ *
+ * After this method executes, and if the object implements
+ * long representing the last time the client sent a
+ * request associated with this session, expressed in milliseconds
+ * since 1/1/1970 GMT
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ */
+ public long getLastAccessedTime();
+
+ /**
+ * Returns the ServletContext to which this session belongs.
+ *
+ * @return The ServletContext object for the web application
+ * @since 2.3
+ */
+ public ServletContext getServletContext();
+
+ /**
+ * Specifies the time, in seconds, between client requests before the
+ * servlet container will invalidate this session. A zero or negative time
+ * indicates that the session should never timeout.
+ *
+ * @param interval
+ * An integer specifying the number of seconds
+ */
+ public void setMaxInactiveInterval(int interval);
+
+ /**
+ * Returns the maximum time interval, in seconds, that the servlet container
+ * will keep this session open between client accesses. After this interval,
+ * the servlet container will invalidate the session. The maximum time
+ * interval can be set with the setMaxInactiveInterval method.
+ * A zero or negative time indicates that the session should never timeout.
+ *
+ * @return an integer specifying the number of seconds this session remains
+ * open between client requests
+ * @see #setMaxInactiveInterval
+ */
+ public int getMaxInactiveInterval();
+
+ /**
+ * @deprecated As of Version 2.1, this method is deprecated and has no
+ * replacement. It will be removed in a future version of the
+ * Java Servlet API.
+ */
+ @SuppressWarnings("dep-ann")
+ // Spec API does not use @Deprecated
+ public HttpSessionContext getSessionContext();
+
+ /**
+ * Returns the object bound with the specified name in this session, or
+ * null if no object is bound under the name.
+ *
+ * @param name
+ * a string specifying the name of the object
+ * @return the object with the specified name
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ */
+ public Object getAttribute(String name);
+
+ /**
+ * @param name
+ * a string specifying the name of the object
+ * @return the object with the specified name
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ * @deprecated As of Version 2.2, this method is replaced by
+ * {@link #getAttribute}.
+ */
+ @SuppressWarnings("dep-ann")
+ // Spec API does not use @Deprecated
+ public Object getValue(String name);
+
+ /**
+ * Returns an Enumeration of String objects
+ * containing the names of all the objects bound to this session.
+ *
+ * @return an Enumeration of String objects
+ * specifying the names of all the objects bound to this session
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ */
+ public EnumerationString objects specifying the names of
+ * all the objects bound to this session
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ * @deprecated As of Version 2.2, this method is replaced by
+ * {@link #getAttributeNames}
+ */
+ @SuppressWarnings("dep-ann")
+ // Spec API does not use @Deprecated
+ public String[] getValueNames();
+
+ /**
+ * Binds an object to this session, using the name specified. If an object
+ * of the same name is already bound to the session, the object is replaced.
+ * HttpSessionBindingListener, the container calls
+ * HttpSessionBindingListener.valueBound. The container then
+ * notifies any HttpSessionAttributeListeners in the web
+ * application.
+ * HttpSessionBindingListener, its
+ * HttpSessionBindingListener.valueUnbound method is called.
+ * removeAttribute().
+ *
+ * @param name
+ * the name to which the object is bound; cannot be null
+ * @param value
+ * the object to be bound
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ */
+ public void setAttribute(String name, Object value);
+
+ /**
+ * @param name
+ * the name to which the object is bound; cannot be null
+ * @param value
+ * the object to be bound; cannot be null
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ * @deprecated As of Version 2.2, this method is replaced by
+ * {@link #setAttribute}
+ */
+ @SuppressWarnings("dep-ann")
+ // Spec API does not use @Deprecated
+ public void putValue(String name, Object value);
+
+ /**
+ * Removes the object bound with the specified name from this session. If
+ * the session does not have an object bound with the specified name, this
+ * method does nothing.
+ * HttpSessionBindingListener, the container calls
+ * HttpSessionBindingListener.valueUnbound. The container then
+ * notifies any HttpSessionAttributeListeners in the web
+ * application.
+ *
+ * @param name
+ * the name of the object to remove from this session
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ */
+ public void removeAttribute(String name);
+
+ /**
+ * @param name
+ * the name of the object to remove from this session
+ * @exception IllegalStateException
+ * if this method is called on an invalidated session
+ * @deprecated As of Version 2.2, this method is replaced by
+ * {@link #removeAttribute}
+ */
+ @SuppressWarnings("dep-ann")
+ // Spec API does not use @Deprecated
+ public void removeValue(String name);
+
+ /**
+ * Invalidates this session then unbinds any objects bound to it.
+ *
+ * @exception IllegalStateException
+ * if this method is called on an already invalidated session
+ */
+ public void invalidate();
+
+ /**
+ * Returns true if the client does not yet know about the
+ * session or if the client chooses not to join the session. For example, if
+ * the server used only cookie-based sessions, and the client had disabled
+ * the use of cookies, then a session would be new on each request.
+ *
+ * @return true if the server has created a session, but the
+ * client has not yet joined
+ * @exception IllegalStateException
+ * if this method is called on an already invalidated session
+ */
+ public boolean isNew();
+}