Last updated
Last updated
We recommend reading & before continuing
Every time your web application receives a request, Mandarine will verify if there is a specific cookie which holds the session id, and if the cookie is missing, Mandarine will create a new cookie with a new & unique session id and it will also inject a session context in the request (this context will hold the session information).
Note that concept of sessions are directly related to the .
Sessions are stored in a session container. By default, Mandarine has a session container that stores all the sessions in Memory (not meant for production).
You can create your own implementation of the session container by creating your own class that implements . By creating your own implementation of SessionStore, you will be able to override where the sessions are stored, this means, you will be able to define the behavior you would like.
The session container handles the initialization of the session system & it also tells Mandarine how it should behave when it comes to the different states of a session.
cookie
cookie.path
Specifies the value for the path of the session cookie. By default, this is set to '/'
cookie.httpOnly
Specifies whether the cookie will be visible in the javascript. By default, this is set to false
cookie.secure
Specifies if the session cookie is secure.
cookie.maxAge
Forces the cookie to expire in the specified amount of time.
keys
Specifies an array of keys to sign the cookies related to the sessions.
At least one value must be entered. If keys
contains multiple values, only the first element will be used to sign, while all the elements will be used to verify the signature.
sessionPrefix
Specifies the prefix of the session name for the session cookie. By default, this is set to mandarine-session
genId
Specifies the method to be used in order to generate a unique Id. By default, this is set to a mandarine internal method.
resave
Forces the session to be saved back in the session store, even when no modifications were made to it. If you want to avoid the use of unnecessary processes, set this to false
. By default, this is set to false
rolling
Forces the session cookie to reset its expiration time every time there is a request.
saveUninitialized
Forces the session to be saved in the session store when it is new and it has not been initialized.
A session is new & uninitialized when it has not been modified after its creation.
store
Defines the Session Store object. This will be used to process all the sessions. It is an implementation of as described above.
The use of manual components will make you able to define your own session container & thus specify the behaviors of handling sessions in your mandarine-powered application.
To define your own session container you will need to create a manual component inside a configuration component (preferably). The method of your manual component must be called "getSessionContainer".
Understanding of is required for this section.
Note that all the values from your object that are ignored will be set to their default values.
Note that MySessionStoreImpl() is the equivalent to your custom implementation of as described above.
In order to use sessions, please and then click on the tab "@Session".