Session Manager Operations

In  undertow

Overview

This feature is to add additional features to the management model to allow additional operations to be performed on the web session manager.

Issue Metadata

Issue:

Dev Contacts:

QE Contacts:

Affected Projects or Components:

  • Wildfly

Requirements

This will be implemented as additional operations under the deployment=*/subsystem=undertow management model address.

The extra operations implemented will be:

:: invalidate-session(sessionId)

Invalidates the provided session id

:: list-sessions()

Lists all session id’s

:: list-session-attribute-names(sessionId)

Lists all attribute names for the given session

:: list-session-attributes(sessionId)

Returns an object that maps attribute names to an attributes string representation

:: get-session-attribute(sessionId, attributeName)

Returns the string representation of the given attribute

:: get-session-last-accessed-time

Gets the session last accessed time in ISO-8601 format

:: get-session-last-accessed-time-millis

Gets the session last accessed time in milliseconds since unix epoch

:: get-session-creation-time

Gets the session creation time in ISO-8601 format

:: get-session-creation-time-millis

Gets the session creation time in milliseconds since unix epoch

Test Plan

A test will be added to the web test suite that will make the following assertions:

  • Deploy a web deployment that can create a session

  • Invoke list-sessions and verify that the list is empty

  • Store current time C1

  • Make an invocation on the web app that results in session creation

  • Store current time C2

  • Invoke list-sessions and verify that the list contains recently created session

  • Invoke get-session-creation-time and get-session-creation-time-millis, and verify both results are between C1 and C2 and they match

  • Invoke get-session-last-accessed-time and get-session-last-accessed-time-millis, and verify both results are same as for get-session-creation-time and get-session-creation-time-millis

  • Invoke list-session-attribute-names and check that result list contains expected items

  • Invoke list-session-attributes and check that result map contains expected name=value pairs

  • Store current time A1

  • Make an invocation to store a string attribute in the session

  • Store current time A2

  • Invoke get-session-last-accessed-time and get-session-last-accessed-time-millis, and verify both results are between A1 and A2 and they match

  • Invoke get-session-attribute and make sure result is as expected

  • Invoke invalidate-session to invalidate created session

  • Invoke list-sessions to check that there is no session active anymore

We should put also some simple negative tests:

  • Deploy a web deployment that can create a session

  • Invoke list-session-attribute-names, list-session-attributes, get-session-attribute on non-existing session and check that operation fails due to the session could not be found

  • Invoke invalidate-session on non-existing session and check that operation succeeds (we simply ignore wrong session ID in this case)

  • Make an invocation on the web app that results in session creation

  • Invoke get-session-attribute on existing session although with non-existing attribute name and assert that session is successful and result is 'undefined'

  • Invoke invalidate-session to invalidate created session