1.  Home
  2. WEB400
  3. January 2003

HttpSession tracking question

Sorry that this mail is so big, but I'll try to explain the situation
complete, so one could understand the problem better.

On our WAS3.5.6, I used to check HttpSessions in our controller_servlets 
as
follows:
*******
...
session = req.getSession(true);
id = session.getId();
if (session.isNew()) {
    httppage = "sessionerror.jsp"
} else {
    httppage = "applicationpage.jsp"
}
getServletConfig().getServletContext().getRequestDispatcher(httppage).forwar
d(req, res);
...
*******
Which resulted in the correct jsp launched.
I could open a new browserwindow with another webapp which got it's own 
new
sessionid.  One could switch from one window to another without haven
problems with the session (as long as they didn't get a time-out).  In 
some
cases I invalidated the session using:
   session.invalidate();
which worked as expected too.

Now we upgraded to WAS4.0.4 and I noticed that 'session.invalidate()' 
didn't
work anymore.  A closer look and some tests showed me that all new 
sessions
got same session_id and WAS seemed to ignore the 'session.invalidate()'
statements.  Finally I found out that 'enable cookies' was activated in 
the
WAS Server Configuration.  I disabled it in WSAD and tried to open both
applications again.  Now they get their own session_id's again but... the
statement 'session = req.getSession(true)' alway's return a new session_id
now...
Following actions are done:
WAP1 started in BrowserWindow1
   session = req.getSession(true); which creates new session
   new id
   applicationpage.jsp is forwarded

WAP2 started in BrowserWindow2
   session = req.getSession(true); which creates new session
   new id
   applicationpage.jsp is forwarded

in BrowserWindow1, an action is executed in WAP1 which activates
ControllerServlet1 again
   session = req.getSession(true); which creates new session
   new id
   sessionerror.jsp is forwarded (session-timeout)

HERE I EXPECT:
   session = req.getSession(true); which creates new session
   NO NEW ID
   applicationpage.jsp is forwarded (session-timeout)

QUESTION 1: Why is a new session created at this point?

When we change the WAS_configuration to 'enable cookies', following 
happens
WAP1 started in BrowserWindow1
   session = req.getSession(true); which creates new session
   new id
   applicationpage.jsp is forwarded

WAP2 started in BrowserWindow2
   session = req.getSession(true); which creates new session
   NO NEW ID is created!!!!
   applicationpage.jsp is forwarded

in BrowserWindow1, an action is executed in WAP1 which activates
ControllerServlet1 again
   session = req.getSession(true); which returns false (ok)
   NO NEW ID is created
   applicationpage.jsp is forwarded
This seems to do the job but both sessions have same sessionid...

QUESTION2:
Why do they both get same SESSION_ID?
When we execute 'session.invalidate()' in one of the browsers, the unbind 
of
our 'connection holder' is called, which indicates that the HttpSession is
being invalidated but... SESSION-ID's doesn't change when new session is
created...

QUESTION3:
What is changed in WAS4 comparing to WAS3.5.6 regarding Session_Tracking 
???

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.