Session manager. There is one session manager object per PKCS#11 provider. It allows code to checkout a session, release it back to the pool, or force it to be closed. The session manager pools sessions to minimize the number of C_OpenSession() and C_CloseSession() that have to be made. It maintains two pools: one for "object" sessions and one for "operation" sessions. The reason for this separation is how PKCS#11 deals with session objects. It defines that when a session is closed, all objects created within that session are destroyed. In other words, we may never close a session while a Key created it in is still in use. We would like to keep the number of such sessions low. Note that we occasionally want to explicitly close a session, see P11Signature. NOTE that sessions obtained from this class SHOULD be returned using either releaseSession() or closeSession() using a finally block when not needed anymore. Otherwise, they will be left for cleanup via the PhantomReference mechanism when GC kicks in, but it's best not to rely on that since GC may not run timely enough since the native PKCS11 library is also consuming memory. Note that sessions are automatically closed when they are not used for a period of time, see Session.