/**
* Retrieves the session ID from the session cookie in the given {@link ToadletContext}, checks if
* it contains a valid (existing and not expired) session and if yes, returns the {@link Session}.
*
* <p>If the session was valid, then its validity is extended by {@link MAX_SESSION_IDLE_TIME}.
*
* <p>If the session is not valid anymore, <code>null</code> is returned if the new constructor
* was used (for example by PluginRespirator). If the deprecated constructor was used, a
* RedirectException to the login URI is thrown.
*
* @throws RedirectException if login redirect URI was set
*/
public synchronized Session useSession(ToadletContext context) throws RedirectException {
UUID sessionID = getSessionID(context);
if (sessionID == null) {
if (mLogInRedirectURI == null) return null;
throw new RedirectException(mLogInRedirectURI);
}
// We must synchronize around the fetching of the time and mSessionsByID.push() because
// mSessionsByID is no sorting data structure: It's a plain
// LRUHashtable so to ensure that it stays sorted the operation "getTime(); push();" must be
// atomic.
long time = CurrentTimeUTC.getInMillis();
removeExpiredSessions(time);
Session session = mSessionsByID.get(sessionID);
if (session == null) {
if (mLogInRedirectURI == null) return null;
throw new RedirectException(mLogInRedirectURI);
}
session.updateExpiresAtTime(time);
mSessionsByID.push(session.getID(), session);
setSessionCookie(session, context);
return session;
}
/**
* Deletes the session with the given ID.
*
* @return True if a session with the given ID existed.
*/
private synchronized boolean deleteSession(UUID sessionID) {
Session session = mSessionsByID.get(sessionID);
if (session == null) return false;
mSessionsByID.removeKey(sessionID);
mSessionsByUserID.remove(session.getUserID());
return true;
}
