Session store (v5.0)
While the WebContext
is related to the HTTP request and response, the SessionStore
is an abstraction to deal with the web session.
It has the following methods:
getSessionId
: gets or creates the session identifier and initializes the session with it if necessaryget
: gets the attribute from the sessionset
: sets the attribute in the sessiondestroySession
: destroys the underlying web sessiongetTrackableSession
: get the native session as a trackable object (for back-channel logout)buildFromTrackableSession
: builds a new session store from a trackable session (for back-channel logout)renewSession
: renews the native session by copying all data to a new one.
Its implementations are different depending on the pac4j implementations.
For example, the JEEContext
currently uses the JEESessionStore
which relies on the JEE session. In Play, we have a specific cache-based PlayCacheSessionStore
as well as in Knox, which has a cookie-based KnoxSessionStore
.