Class SessionConstraint


  • public class SessionConstraint
    extends Object
    SessionConstraint represents the session quota for a given user and performs the necessary actions based on the session quota limit, If the user reaches maximum allowed session limit , the activation request of new session should be rejected.

    If this is the "session upgarde" case, the session quota checking is bypassed when activating the new session. This is due to the fact that during the session upgrade process the old session will not be destroyed until this new session is successfully activated.

    The session count however still has to be incremented because there is indeed a new valid session being created. As a result, there is a very small window where both old session and the new session are both valid and if there is another client trying to create a new session for the same user in the meantime, it might not be allowed to do so due to session quota being exceeded. This conservative approach is considered as acceptable here.

    • Constructor Detail

      • SessionConstraint

        public SessionConstraint()
    • Method Detail

      • checkQuotaAndPerformAction

        protected boolean checkQuotaAndPerformAction​(InternalSession internalSession)
        Check if the session quota for a given user has been exhausted and perform necessary actions in such as case.
        Parameters:
        internalSession -
        Returns:
        true if the session activation request should be rejected, false otherwise.
      • getDefaultSessionQuota

        public static int getDefaultSessionQuota()