Sessions
We recommend reading HTTP Parameter Decorators & Session middleware before continuing.
Main
Every time your web application receives a request, Mandarine checks for a specific cookie that holds the session id. If the cookie is missing, Mandarine creates a new cookie with a new, unique session id and injects a session context into the request (this context holds the session information).
Note that the concept of sessions is directly related to the Mandarine MVC module.
Where are sessions stored?
Sessions are stored in a session container. By default, Mandarine has a session container that stores all the sessions in memory (not meant for production).
You can create your own implementation of the session container by creating a class that implements MandarineSecurity.Sessions.SessionStore. With your own implementation of SessionStore, you can override where the sessions are stored and define the behavior you would like.
Session Container
The session container handles the initialization of the session system and tells Mandarine how to behave in the different states of a session. (See interface here)
cookie
cookie.path
Specifies the value for the path of the session cookie. By default, this is set to '/'
cookie.httpOnly
Specifies whether the session cookie carries the HttpOnly attribute, which controls whether the cookie is visible to client-side JavaScript. By default, this is set to false
cookie.secure
Specifies if the session cookie is secure.
cookie.maxAge
Forces the cookie to expire in the specified amount of time.
keys
Specifies an array of keys to sign the cookies related to the sessions.
At least one value must be entered. If keys contains multiple values, only the first element will be used to sign, while all the elements will be used to verify the signature.
sessionPrefix
Specifies the prefix of the session name for the session cookie. By default, this is set to mandarine-session
genId
Specifies the method used to generate a unique id. By default, this is set to a Mandarine internal method.
resave
Forces the session to be saved back in the session store, even when no modifications were made to it. If you want to avoid the use of unnecessary processes, set this to false. By default, this is set to false
rolling
Forces the session cookie to reset its expiration time every time there is a request.
saveUninitialized
Forces the session to be saved in the session store when it is new and it has not been initialized.
A session is new & uninitialized when it has not been modified after its creation.
store
Defines the Session Store object. This will be used to process all the sessions. It is an implementation of MandarineSecurity.Sessions.SessionStore as described above.
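The sign-with-first, verify-with-all rule described under keys is what makes key rotation possible without invalidating existing session cookies. The following is an added example, not Mandarine's own code: it assumes HMAC-SHA256 and a hypothetical "value.signature" cookie layout, and the names signCookie and verifyCookie are illustrative only.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";
import { Buffer } from "node:buffer";

// Assumption: HMAC-SHA256 over the cookie value, appended as "value.signature".
// Mandarine's actual signing scheme is not described on this page.
function mac(value: string, key: string): Buffer {
  return createHmac("sha256", key).update(value).digest();
}

// Sign with the FIRST key only, as the keys option describes.
function signCookie(value: string, keys: string[]): string {
  if (keys.length === 0) throw new Error("keys must contain at least one value");
  return `${value}.${mac(value, keys[0]).toString("hex")}`;
}

// Verify against EVERY key, so cookies signed before a rotation stay valid.
// Returns the value and the index of the matching key, or null if none match.
function verifyCookie(
  cookie: string,
  keys: string[],
): { value: string; keyIndex: number } | null {
  const dot = cookie.lastIndexOf(".");
  if (dot <= 0) return null;
  const value = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), "hex");
  for (let i = 0; i < keys.length; i++) {
    const expected = mac(value, keys[i]);
    // timingSafeEqual throws on a length mismatch, so check lengths first.
    if (given.length === expected.length && timingSafeEqual(given, expected)) {
      return { value, keyIndex: i };
    }
  }
  return null;
}

// Constructed sample data: rotate by prepending the new key, keeping the old one.
const sessionId = "3f1c9a7e-constructed-session-id";
const beforeRotation = ["constructed-key-old"];
const afterRotation = ["constructed-key-new", "constructed-key-old"];

const oldCookie = signCookie(sessionId, beforeRotation);
const newCookie = signCookie(sessionId, afterRotation);

console.log(verifyCookie(oldCookie, afterRotation)); // matched by the old key
console.log(verifyCookie(newCookie, afterRotation)); // matched by the new key
console.log(verifyCookie(oldCookie, ["constructed-key-new"])); // old key retired
```

Once every cookie signed with the old key has expired (see cookie.maxAge), the old key can be dropped from the end of the array.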
Defining my own session container
Understanding of Manual Components is required for this section.
Manual components let you define your own session container and thus specify how sessions are handled in your Mandarine-powered application.
To define your own session container you will need to create a manual component inside a configuration component (preferably). The method of your manual component must be called "getSessionContainer".
Note that all the values from your SessionContainer object that are ignored will be set to their default values.
Note that MySessionStoreImpl() is the equivalent to your custom implementation of MandarineSecurity.Sessions.SessionStore as described above.
Usage
In order to use sessions, please click on this link and then click on the tab "@Session".