public class SessionConstraint extends Object
SessionConstraint represents the session quota for a given user
and performs the necessary actions based on the session quota limit, If the
user reaches maximum allowed session limit , the activation request of
new session should be rejected.
If this is the "session upgarde" case, the session quota checking is bypassed when activating the new session. This is due to the fact that during the session upgrade process the old session will not be destroyed until this new session is successfully activated.
The session count however still has to be incremented because there is indeed a new valid session being created. As a result, there is a very small window where both old session and the new session are both valid and if there is another client trying to create a new session for the same user in the meantime, it might not be allowed to do so due to session quota being exceeded. This conservative approach is considered as acceptable here.
| Modifier and Type | Field and Description |
|---|---|
static String |
DESTROY_OLDEST_SESSION_CLASS |
| Constructor and Description |
|---|
SessionConstraint() |
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
checkQuotaAndPerformAction(InternalSession internalSession)
Check if the session quota for a given user has been exhausted and
perform necessary actions in such as case.
|
static int |
getDefaultSessionQuota() |
public static final String DESTROY_OLDEST_SESSION_CLASS
protected boolean checkQuotaAndPerformAction(InternalSession internalSession)
internalSession - public static int getDefaultSessionQuota()
Copyright © 2010–2025 Open Identity Platform Community. All rights reserved.