For example, the Java Web Server has the ability to revert to using URL rewriting when cookies fail, and it allows session objects to be written to the server's disk as memory fills up or when the server shuts down.
(The items you place in the session need to implement the interface to take advantage of this option.) See your server's documentation for details pertaining to your server.
There are several methods involved in managing the session life cycle: This method returns whether the session is new.
A session is considered new if it has been created by the server but the client has not yet acknowledged joining the session.
Example 7-6 demonstrates the use of these methods with a servlet that manually invalidates all the sessions on the server that are more than a day old or have been inactive more than an hour.
A servlet that manually invalidates sessions according to arbitrary rules is useful on servers with limited session expiration capabilities.
Fortunately for us servlet developers, it's not always necessary for a servlet to manage its own sessions using the techniques we have just discussed.
Many web servers also support session tracking based on URL rewriting, as a fallback for browsers that don't accept cookies. For a servlet to support session tracking via URL rewriting, it has to rewrite every local URL before sending it to the client.As of the release of the Java Servlet API 2.1, Http Session Context has been deprecated.Now, the session object (embodied within an instance of a class implementing the Http Session interface) is retrieved using Http Servlet Request methods: The invalidate() method, invalidates the current session and unbinds any objects that were previously bound to it.Finally, you can remove an object from a session with if the session being accessed is invalid (we'll discuss invalid sessions in an upcoming section).Example 7-4 shows a simple servlet that uses session tracking to count the number of times a client has accessed it, as shown in Figure 7-2.If the session is already invalid, the invalidate() method will throw an Illegal State Exception.An object can be notified when it is bound to a session or unbound from a session simply by implementing the Http Session Binding Listener interface.For example, a user's session object provides a convenient location for a servlet to store the user's shopping cart contents or, as you'll see in Chapter 9, "Database Connectivity", the user's database connection.A servlet uses its request object's This method returns an array that contains the names of all objects bound to this session or an empty (zero length) array if there are no bindings.The Servlet API provides two methods to perform this encoding: This method encodes (rewrites) the specified URL to include the session ID and returns the new URL, or, if encoding is not needed or not supported, it leaves the URL unchanged.The rules used to decide when and how to encode a URL are server-specific.