Skip to main content
Version: 3.14.x.x LTS

Session object methods

You can get a session with the request object method *request:getSession".

MethodDescriptionSample
session:setAttribute(key, value)Sets a session attribute with the given name. Depending on the Lua type of the attribute (string, number, bool) it will be mapped to a Java-based type (String, Double or Long, Boolean, respectively). Other types cannot be mapped and will not be set.session:setAttribute("MyKey", "my fancy string value")
session:getAttribute(key)Returns the session attribute with the given name. Depending on the Java-based type of the attribute (String, Float, Double, Boolean, ByteArray) it will be mapped to a Lua type (string, number, number, bool, string, respectively). Other types cannot be mapped and nil will be returned. If there was no attribute found then also nil will be returned.value = session:getAttribute("MyKey")
session:removeAttribute(key)Remove an attribute from session.session:removeAttribute("MyKey")
session:setInactiveTimeout(timeout)Set session inactive timeout.session:setInactiveTimeout(3600)
session:getInactiveTimeout()Returns inactive timeout of the session.inactiveTimeout = session:getInactiveTimeout()
session:setMaxLifetime(timeout)Sets the maximum lifetime (seconds) of the session. This feature is only supported for the Dynamic Session Management Engine.session:setMaxLifetime(86400)
session:getCreationTime()Returns the session's creation time, expressed as the number of seconds since January 1, 1970.creationTime = session:getCreationTime()
session:getTimeToLive()Returns the remaining time before the session expires, in seconds.timeToLive = session:getTimeToLive()
session:getMaxLifetime()Returns the session's total life time, in seconds. It is computed as the difference between the expiration time and the creation time.maxLifetime = session:getMaxLifetime()
session:invalidate()Invalidate a session.session:invalidate()
session:renegotiate()Renegotiate the current session. In the end, either a new TLS ID or a new cookie ID will be generated.session:renegotiate()
session:renegotiateSSL()Renegotiate the current TLS session. It removes the current TLS entry, closes the Keep-Alive connection, and starts an TLS handshake. In the end, a new TLS session ID will be generated.session:renegotiateSSL()
session:iterateAttributes()Iterate over all session attributes.for n, v in session:iterateAttributes() do resp:setHeader(n, v) end
session:getId()Returns the session's idsessionId = session:getId()
session:getLastTimeStamp()Returns the timestamp when the session was accessed for the last time, in epoch time (that is, the number of seconds since 1.1.1970 00:00:00 UTC)timeStamp = session:getLastTimeStamp()
session:getSecondsUntilTimeout()Returns the number of seconds until the session expires. This method takes into consideration the maximum timeout and the inactive interval (as opposed to the method session:getTimeToLive, which ignores the inactive timeout).secondsUntilTimeout = session:getSecondsUntilTimeout()