Introduction

My demo web application, described here (with source code here), uses Javalin with embedded Jetty.  Out of the box, Javalin provides access to the underlying session object, so you can store values in it and retrieve values from it. You can use methods provided by Javalin’s Context object to do this.

That’s one way, for example, to track whether a user is logged in or not.

In many cases, that may be all you want or need from session management in your app.

On the other hand, Jetty provides more advanced session management, should you need it.  It takes a bit more configuration - but may be worthwhile. There is plenty of official documentation - but here I will just talk about how I configured the session handler in my demo application.

Session management

First of all - what does this session management stuff do for you?

It allows an application to keep track of all sessions within your application, in a consistent and unified way.  Without this, you are basically constrained to dealing with each session in isolation (each specific session associated with each specific HTTP request & response).

In my case, I chose to use a database table as the store for this richer set of session data.

Once you have all session data being tracked in a database table, you can build a session management web page which a site administrator can use to monitor all active user sessions - to see who is logged in; where sessions originated; which sessions are close to timing out; and so on.  You can even choose to terminate specific sessions.

JDBC Session Handler

How to configure a JDBC session handler?

This tutorial walks through several aspects of Jetty session confguration in the context of a Javalin application.  I used that tutorial as the basis of my own implementation, which you can see in my DemoSessionHandler class. JDBC is not the only approach you can take - but it’s the one I chose.

Here are the key steps:

  1. You should ideally create a new database schema to hold your session tracking table - one which is separate from your core application database, and which has its own database user ID and password. I use my application’s properties file to specify the location of the session tracking schema.

  2. In my DemoSessionHandler class, I configure the various Jetty objects needed to implement Jetty session management.  I provide a JDBC connection URL as part of the configuration.

  3. This session handler class is used to configure the session handler within Javalin - see line 55 of the main DemoApp class:

Database Table

The jettysessions Database Table

To track session data in my application, Jetty looks for a database table called jettysessions in the schema I specified.  If that table does not exist, Jetty automatically creates it.

By default, the table looks like this (you can configure its columns if you wish):

Here are a couple of example records from the table:

The times are all in milliseconds - so we can see, for example, that each session has a timeout of 90 minutes (5,400,000 milliseconds).

The timestamp values can be converted to datetimes as follows (for MySQL, at least):

1
2
3
select date_format(from_unixtime(expiryTime / 1000),   
    '%d-%b-%Y %H:%i:%s.%f') as "Date"  
from session_db.jettysessions;

One Final Catch…

Wen I first configured Jetty session tracking in my application, the database table was created, but no data was written to it. In my DemoApp class, I had to add this…

1
ctx.req.getSession();

…before processing each request.  I am not sure why this was needed.