session (xml)

Represents a user or system session which is currently active, inactive sessions or information about inactive sessions cannot be accessed, the session is effectively immutable and removing it is the same as deactivating it, updating simply has the effect of refreshing it so it will not timeout
HTTP response codes as returned by the system:
200 - OK (request is ok and content returned)
201 - CREATED (request created new content, URL and id of content in the header)
204 - NO CONTENT (request is ok but no content to return)
400 - ERROR (general error in the request, probably invalid parameters or data)
401 - UNAUTHORIZED (user authentication required for this request)
403 - FORBIDDEN (authorization required, insufficient privileges, user is already authenticated)
404 - NOT FOUND (resource not found, URL is invalid in some way, id or action are invalid)
405 - METHOD NOT ALLOWED (the method is not supported for this entity type)
406 - NOT ACCEPTABLE (the data format requested is unavailable for this entity type)
500 - INTERNAL SERVER ERROR (general server failure, probably a failure in the provider)
501 - NOT IMPLEMENTED (indicates that a prefix is invalid)

Sample Entity URLs (_id=':ID:') [may not be valid]:

Entity Collection URL: GET /session (html) (xml) (json) (form)
Response Code Details: 200 plus data; 404 if not found, 406 if format unavailable
Create Entity URL: POST /session (form)
Response Code Details: 201 plus id (EntityId); 400 if inputs invalid
Create a new session via authentication using the '_username' and '_password' params set to the username and password of the user to create the session for, as per the REST conventions, the id of the session will be sent back in the response headers, NOTE: admins may create sessions for any user by just sending a request with valid session data
Show Entity URL: GET /session/:ID: (html) (xml) (json) (form)
Response Code Details: 200 plus data; 404 if not found, 406 if format unavailable
Update Entity URL: PUT /session/:ID: (form)
Response Code Details: 204; 400 if inputs invalid
Delete Entity URL: DELETE /session/:ID: (form)
Response Code Details: 204; 404 if not found

Custom Actions

current : list (GET) : [/session/current] (html) (xml) (json) (form)
Retrieves the current session for the current request
becomeuser : list (GET) : [/session/becomeuser] (html) (xml) (json) (form)
Allows user to become another user assuming requesting user is a Sakai admin. Syntax: serverUrl/direct/session/becomeuser/:USERID: , where :USERID: is either a userId or a userEid

URL Redirects

1)   /session/{id}/norefresh ==> /direct/session/{id}{dot-extension}?auto=true
Allows for a nice URL for getting a session without causing a refresh
2)   /session/current/norefresh ==> /direct/session/current{dot-extension}?auto=true
Easy URL to get the current session without causing a refresh

Entity class : org.sakaiproject.entitybroker.providers.model.EntitySession

Type :: bean
Name Type Status
1) activebooleanRead Only
2) attributeNamesjava.util.EnumerationRead Only
3) attributesjava.util.MapRead/Write
4) creationTimelongRead/Write
millisecond time code of when the session was created
5) currentTimelongRead Only
6) idstringRead/Write
7) lastAccessedTimelongRead/Write
millisecond time code of when the session was last refreshed
8) maxInactiveIntervalintRead/Write
max seconds the session can be idle before automatic invalidation
9) userEidstringRead/Write
the external id (typically username) of the user who owns this session
10) userIdstringRead/Write * required

Data and Request Handling

Output formats : html, xml, json, form
Input formats : html, xml, json
No Access Provider registered for request processing


6Createableorg.sakaiproject.entitybroker.entityprovider.capabilities.CreateableTo initiate a new session, fire a create request with a '_username' and '_password' param set to the username and password of the user to create the session for, NOTE: admins may create sessions for any user by just sending a request with a valid session entity
7Deleteableorg.sakaiproject.entitybroker.entityprovider.capabilities.DeleteableDeleting a session makes it immediately inactive and no long accessible (like calling Session.invalidate())
14Resolvableorg.sakaiproject.entitybroker.entityprovider.capabilities.ResolvableAccessing a session will refresh it unless you pass along a param called "auto" (the value of the param does not matter), this will allow you to get the info about a session without causing it to be updated
17Updateableorg.sakaiproject.entitybroker.entityprovider.capabilities.UpdateableUpdating a session resets the timeout (like calling Session.setActive())

REST:: 1.0.1 SVN: $Revision$ : $Date$