Default no-arg constructor that defaults the {@link #setSessionIdGenerator sessionIdGenerator} to be a {@link hunt.shiro.session.mgt.eis.UuidSessionIdGenerator}.
Utility method available to subclasses that wish to assign a generated session ID to the session instance directly. This method is not used by the {@code AbstractSessionDAO} implementation directly, but it is provided so subclasses don't need to know the {@code Session} implementation if they don't need to. <p/> This default implementation casts the argument to a {@link SimpleSession}, Shiro's default EIS implementation.
Creates the session by delegating EIS creation to subclasses via the {@link #doCreate} method, and then asserting that the returned sessionId is not null.
Subclass hook to actually persist the given <tt>Session</tt> instance to the underlying EIS.
Subclass implementation hook that retrieves the Session object from the underlying EIS or {@code null} if a session with that ID could not be found.
Generates a new ID to be applied to the specified {@code session} instance. This method is usually called from within a subclass's {@link #doCreate} implementation where they assign the returned id to the session instance and then create a record with this ID in the EIS data store. <p/> Subclass implementations backed by EIS data stores that auto-generate IDs during record creation, such as relational databases, don't need to use this method or the {@link #getSessionIdGenerator() sessionIdGenerator} attribute - they can simply return the data store's generated ID from the {@link #doCreate} implementation if desired. <p/> This implementation uses the {@link #setSessionIdGenerator configured} {@link SessionIdGenerator} to create the ID.
Returns the {@code SessionIdGenerator} used by the {@link #generateSessionId(hunt.shiro.session.Session)} method. Unless overridden by the {@link #setSessionIdGenerator(SessionIdGenerator)} method, the default instance is a {@link JavaUuidSessionIdGenerator}.
Retrieves the Session object from the underlying EIS identified by <tt>sessionId</tt> by delegating to the {@link #doReadSession(java.io.Serializable)} method. If {@code null} is returned from that method, an {@link UnknownSessionException} will be thrown.
Sets the {@code SessionIdGenerator} used by the {@link #generateSessionId(hunt.shiro.session.Session)} method. Unless overridden by this method, the default instance ss a {@link JavaUuidSessionIdGenerator}.
Inserts a new Session record into the underling EIS (e.g. Relational database, file system, persistent cache, etc, depending on the DAO implementation). <p/> After this method is invoked, the {@link hunt.shiro.session.Session#getId()} method executed on the argument must return a valid session identifier. That is, the following should always be true: <pre> Serializable id = create( session ); id.equals( session.getId() ) == true</pre> <p/> Implementations are free to throw any exceptions that might occur due to integrity violation constraints or other EIS related errors.
Retrieves the session from the EIS uniquely identified by the specified {@code sessionId}.
Updates (persists) data from a previously created Session instance in the EIS identified by {@code {@link Session#getId() session.getId()}}. This effectively propagates the data in the argument to the EIS record previously saved. <p/> In addition to UnknownSessionException, implementations are free to throw any other exceptions that might occur due to integrity violation constraints or other EIS related errors.
Deletes the associated EIS record of the specified {@code session}. If there never existed a session EIS record with the identifier of {@link Session#getId() session.getId()}, then this method does nothing.
Returns all sessions in the EIS that are considered active, meaning all sessions that haven't been stopped/expired. This is primarily used to validate potential orphans. <p/> If there are no active sessions in the EIS, this method may return an empty collection or {@code null}. <h4>Performance</h4> This method should be as efficient as possible, especially in larger systems where there might be thousands of active sessions. Large scale/high performance implementations will often return a subset of the total active sessions and perform validation a little more frequently, rather than return a massive set and validate infrequently. If efficient and possible, it would make sense to return the oldest unstopped sessions available, ordered by {@link hunt.shiro.session.Session#getLastAccessTime() lastAccessTime}. <h4>Smart Results</h4> <em>Ideally</em> this method would only return active sessions that the EIS was certain should be invalided. Typically that is any session that is not stopped and where its lastAccessTimestamp is older than the session timeout. <p/> For example, if sessions were backed by a relational database or SQL-92 'query-able' enterprise cache, you might return something similar to the results returned by this query (assuming {@link hunt.shiro.session.mgt.SimpleSession SimpleSession}s were being stored): <pre> select * from sessions s where s.lastAccessTimestamp < ? and s.stopTimestamp is null </pre> where the {@code ?} parameter is a date instance equal to 'now' minus the session timeout (e.g. now - 30 minutes).
An abstract {@code SessionDAO} implementation that performs some sanity checks on session creation and reading and allows for pluggable Session ID generation strategies if desired. The {@code SessionDAO} {@link SessionDAO#update update} and {@link SessionDAO#remove remove} methods are left to subclasses. <h3>Session ID Generation</h3> This class also allows for plugging in a {@link SessionIdGenerator} for custom ID generation strategies. This is optional, as the default generator is probably sufficient for most cases. Subclass implementations that do use a generator (default or custom) will want to call the {@link #generateSessionId(hunt.shiro.session.Session)} method from within their {@link #doCreate} implementations. <p/> Subclass implementations that rely on the EIS data store to generate the ID automatically (e.g. when the session ID is also an auto-generated primary key), they can simply ignore the {@code SessionIdGenerator} concept entirely and just return the data store's ID from the {@link #doCreate} implementation.