public HttpSession getSession( final ServletContextImpl originalServletContext, final HttpServerExchange exchange, boolean create) { SessionConfig c = originalServletContext.getSessionConfig(); ConvergedHttpSessionFacade httpSession = exchange.getAttachment(sessionAttachmentKey); if (httpSession != null && httpSession.isValidIntern()) { exchange.removeAttachment(sessionAttachmentKey); httpSession = null; } if (httpSession == null) { final SessionManager sessionManager = context.getDeployment().getSessionManager(); Session session = sessionManager.getSession(exchange, c); if (session != null) { httpSession = (ConvergedHttpSessionFacade) SecurityActions.forSession(session, this, false, sessionManager); exchange.putAttachment(sessionAttachmentKey, httpSession); } else if (create) { String existing = c.findSessionId(exchange); if (originalServletContext != this.context) { // this is a cross context request // we need to make sure there is a top level session originalServletContext.getSession(originalServletContext, exchange, true); } else if (existing != null) { c.clearSession(exchange, existing); } final Session newSession = sessionManager.createSession(exchange, c); httpSession = (ConvergedHttpSessionFacade) SecurityActions.forSession(newSession, this, true, sessionManager); // call access after creation to set LastAccessTime at sipAppSession. httpSession.access(); // add delegate to InMemorySession to call sipAppSession.access(), when necessary: ((ConvergedInMemorySessionManager) sessionManager) .addConvergedSessionDeletegateToSession( newSession.getId(), httpSession.getConvergedSessionDelegate()); exchange.putAttachment(sessionAttachmentKey, httpSession); } } return httpSession; }