001    /*
002     * Copyright 2008 Les Hazlewood
003     *
004     * Licensed under the Apache License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     *     http://www.apache.org/licenses/LICENSE-2.0
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    package org.apache.shiro.session.mgt;
017    
018    import java.io.Serializable;
019    
020    /**
021     * A {@code SessionKey} is a key that allows look-up of any particular {@link org.apache.shiro.session.Session Session}
022     * instance.  This is not to be confused what is probably better recognized as a session <em>attribute</em> key - a key
023     * that is used to acquire a session attribute via the
024     * {@link org.apache.shiro.session.Session#getAttribute(Object) Session.getAttribute} method.  A {@code SessionKey}
025     * looks up a Session object directly.
026     * <p/>
027     * While a {@code SessionKey} allows lookup of <em>any</em> Session that might exist, this is not something in practice
028     * done too often by most Shiro end-users.  Instead, it is usually more convenient to acquire the currently executing
029     * {@code Subject}'s session via the {@link org.apache.shiro.subject.Subject#getSession} method.  This interface and
030     * its usages are best suited for framework development.
031     *
032     * @author Les Hazlewood
033     * @since 1.0
034     */
035    public interface SessionKey {
036    
037        /**
038         * Returns the id of the session to acquire.
039         * <p/>
040         * Acquiring sessions by ID only is a suitable strategy when sessions are natively managed by Shiro directly.
041         * For example, the Servlet specification does not have an API that allows session acquisition by session ID, so
042         * the session ID alone is not sufficient for ServletContainer-based SessionManager implementations.
043         *
044         * @return the id of the session to acquire.
045         */
046        Serializable getSessionId();
047    }