Representation of a stateful session for use with HTTP requests and responses,
as described in RFC 2965.
Exposes attribute "id", which must be a unique id in string form.
Currently, the deprecated but widely-used Netscape cookie mechanism is
employed, plus as much of RFC 2109 as is practical, rather than the more
featureful, standardized Cookie2 mechanism advocated by RFC 2965. If
cookies are not able to be used, a framework is in place for using URL
rewriting; however the implementation is incomplete.
The userAgentVariables member is a dictionary of additional stuff
to be held in the session persistence mechanism *independently* of
the repository session data. Use very sparingly, and only for data
that is not affected by user taint
References:
http://home.netscape.com/newsref/std/cookie_spec.html (Netscape cookies)
http://www.faqs.org/rfcs/rfc2109.html (standard cookies)
http://www.faqs.org/rfcs/rfc2965.html (Cookie2)
http://www.faqs.org/rfcs/rfc2616.html (HTTP/1.1)
TO-DO: Implement the equivalent of various useful methods found in the
javax.servlet.http.HttpSession portion of the Java Servlet API.
Methods
A session object is initially created without a session ID.
This method is called to allow a session to do whatever initialization
can be done once its ID is known. (The ID is not known when the class
is instantiated)
Get the session ID. Must be overridden
This method is called to allow a session to update the response body
before it is written out.
This method is called to allow a session to update the persistence
mechanism in the process of the HTTP response (cookie, URL re-write,
etc.)