Class AuthSession

java.lang.Object

com.serinity.accesscontrol.model.base.IdentifiableEntity

com.serinity.accesscontrol.model.AuthSession

public final class AuthSession
extends IdentifiableEntity

Represents an authentication session for a user. Used to manage user login sessions, refresh tokens, and session validity.

This entity extends IdentifiableEntity, which provides a unique id for each session entry.

The table auth_sessions has the following indexes for performance optimization:

• idx_session_token - Indexed on refresh_token to quickly validate or revoke sessions.
• idx_session_user - Indexed on user_id for efficient lookup of all sessions by user.

Fields include:

• refreshToken - The refresh token associated with this session. Must be unique.
• createdAt - Timestamp when the session was created.
• expiresAt - Timestamp when the session expires and is no longer valid.
• revoked - Boolean flag indicating if the session has been revoked.
• user - The User who owns this session.

Note: This class is declared final to prevent inheritance and ensure session integrity.

Since:

2026-02-03

Version:

1.0

Author:

@ZouariOmar (zouariomar20@gmail.com)

See Also:

• AuthSession.java

Field Summary

Fields inherited from class IdentifiableEntity

id

Constructor Summary

Constructors

Constructor	Description
AuthSession()	Creates an empty authentication session.

Method Summary

Modifier and Type	Method	Description
Instant	getCreatedAt()	Returns the creation timestamp of this session.
Instant	getExpiresAt()	Returns the expiration timestamp for this session.
String	getRefreshToken()	Returns the refresh token for this session.
User	getUser()	Returns the user that owns this session.
boolean	isRevoked()	Indicates whether this session has been revoked.
void	setCreatedAt(Instant createdAt)	Sets the creation timestamp of this session.
void	setExpiresAt(Instant expiresAt)	Sets the expiration timestamp for this session.
void	setRevoked(boolean revoked)	Marks this session as revoked or active.
void	setUser(User user)	Sets the user that owns this session.

Methods inherited from class IdentifiableEntity

getId

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthSession

public AuthSession()

Creates an empty authentication session.

Method Details

getRefreshToken

public String getRefreshToken()

Returns the refresh token for this session.

Returns:

refresh token value

getCreatedAt

public Instant getCreatedAt()

Returns the creation timestamp of this session.

Returns:

creation timestamp

setCreatedAt

public void setCreatedAt(Instant createdAt)

Sets the creation timestamp of this session.

Parameters:

createdAt - creation timestamp to assign

getExpiresAt

public Instant getExpiresAt()

Returns the expiration timestamp for this session.

Returns:

expiration timestamp

setExpiresAt

public void setExpiresAt(Instant expiresAt)

Sets the expiration timestamp for this session.

Parameters:

expiresAt - expiration timestamp to assign

setRevoked

public void setRevoked(boolean revoked)

Marks this session as revoked or active.

Parameters:

revoked - true to revoke the session

isRevoked

public boolean isRevoked()

Indicates whether this session has been revoked.

Returns:

true if revoked

getUser

public User getUser()

Returns the user that owns this session.

Returns:

session owner

setUser

public void setUser(User user)

Sets the user that owns this session.

Parameters:

user - session owner