"Shiro" VI, Apache Shiro Session Management

1, session of the introduction about the session

Session: From starting a session to closing the session as a conversation, a package that interacts with the client and server side, with timeliness

Generation of sessions:
Typically generated from a container.
Web container:web containers, such as Tomcat, implement the session, which can produce a session
EJB Stateful Session Beans: less use

Application of the session:
Mobile
Web
Distributed clusters

Shiro Session

Based on Pojo
You can customize the way the session is stored, save to memory, file, database can
Container-independent clusters
Client Access Diversification
Event Monitoring
Host address memory, you can know by which host created
The web uses transparency, does not need to care about how the session is created, just need to know how to use
SSO-enabled, single sign-on

Use session

Subject CurrentUser == currentuser.getsession (true); Session.setattribute ("Somekey", Somvalue);

Subject.getsession (flag)

If subject has a session, return to session directly
If the subject does not exist session,flag=true, a new ssssion is created and returned
Returns null if subject does not exist Session,flag=false

Session in a servlet like

Support for all applications, but not limited to Web applications

2, SessionManager

Defaultsessionmanager: Default implementation

Duration of Session timeout:session

Session Listeners: Event-oriented, implementation of Sessionlistener interface

Save form of Session Storage:session

Sessiondao Interface Abstraction

In-memory-only: Default, save session with memory

EHCache Sessiondao: Using Disk to save session implementation

Use of EhCache Sessiondao

Configure Ehcache.xml

Session Cache Name

Session IDs

Sessionidgenerator components: for generating SessionID

Javauuidsessionidgenerator: Default implementation, using Java's UUID

Custom

Session Validation

Determine if the session expires

Lazy Validation: Judging when using

Session orphan (Orphan): When using lazy, some sessions expire, and still exist for a long time.

Sessionvalidationscheduler

Delete Session orphans regularly

Executorservicesessionvalidationscheduler: Default implementation

Custom Sessionvalidationscheduler

Close Session Validation

Close Session Delete function

3. Session Cluster

Cluster to implement session

Shiro supports distributed caching

Web Container Environment

Native environment

Based on Pojo multilayer architecture

Support for Cluster Sessiondao

The Transparent SessionManager

Supports integration of multiple distributed cache servers

Enterprisecachesessiondao

Activesessionscache

Third-party integration

Ehcache+terracotta

Zookeeper

4. session and User status

Stateful applications

Shiro use session to save authentication status by default

Get user status through SessionID

Non-stateful applications

Custom Blending Scenarios

Sessionstorageevaluator

"Shiro" VI, Apache Shiro Session Management