Why HttpSession expired ?

Rok Lee
Greenhorn

Joined: Jun 14, 2005
Posts: 4
Hi guys,

I'm using Weblogic 8.1 with https.
I have two web applications (say app1 and app2) in different clusters.
In my https://domain1/app1/app1_Welcome.jsp, I open a pop-up window which is linked to https://domain2/app2/app2_Welcome.jsp.
Whenever I open the pop-up window, I see the contents of app2_Welcome.jsp, but right after I close the opened window, the session in app1 is expired.
I guess there seems to be some session management between the two applications in Weblogic server for security reasons.

Has anybody any idea?

Thanks,
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I'm not sure I understand. Are you saying accessing domain1 opens a pop-up window (containing info from domain2), but without changing from the original request the window from domain1 has lost its session?

If this is the case I'd wonder if domain1 had a session to start with, sounds more like it doesn't have a session yet. If the pop-up was refreshing or altering the window for domain1 it may be related to IE 'losing' sessions for pop-ups, but that is usually for pop-ups in the domain and this is not your case.

Can you please clarify?

thanks,
Dave.
Rok Lee
Greenhorn

Joined: Jun 14, 2005
Posts: 4
Hi David,

To clarify,
1) I'm in https://domain1/app1/app1_Welcome.jsp and it has an HttpSession created
2) I click the link <a href="https://domain2/app2/app2_Welcome.jsp" target="_blank">Welcome</a>
3) A new pop-up browser window shows the contents of app2_Welcome.jsp
4) I close the popped-up window
5) I want to do another job (say, click the "next" button to call an action) in app1_Welcome.jsp
6) The session is gone (i.e. invalidated) and I lose all the session-related objects

Thanks,
Rok
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
This may not help, but it is something to try. Try exercising app1 BEFORE you kill the window of app2. Like so:

1) I'm in https://domain1/app1/app1_Welcome.jsp and it has an HttpSession created
2) I click the link <a href="https://domain2/app2/app2_Welcome.jsp" target="_blank">Welcome</a>
3) A new pop-up browser window shows the contents of app2_Welcome.jsp
4) I want to do another job (say, click the "next" button to call an action) in app1_Welcome.jsp

What happens?


Alco-Haul: We move spirits.
Demented Deliberations of a Dilettante
Rok Lee
Greenhorn

Joined: Jun 14, 2005
Posts: 4
Hi Sharad,

Thanks for the tip but it's the same....
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
This is interesting. Are both apps being run from the same server? It seems that the default cookie name is JSESSIONID. It being the same for both applications, app2 hijacks the cookie that app1 generated.

Try setting a different cookie name in the deployment descriptor. Details are here.
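
Added example, not part of the original thread: what distinct session cookie names could look like in each application's WEB-INF/weblogic.xml, using the WebLogic 8.1 session-param syntax. The cookie names APP1SESSIONID and APP2SESSIONID are constructed placeholders, and the DOCTYPE declarations are omitted for brevity.

```xml
<!-- app1: WEB-INF/weblogic.xml (constructed example) -->
<weblogic-web-app>
  <session-descriptor>
    <session-param>
      <!-- Overrides the default session cookie name, JSESSIONID -->
      <param-name>CookieName</param-name>
      <param-value>APP1SESSIONID</param-value>
    </session-param>
  </session-descriptor>
</weblogic-web-app>

<!-- app2: WEB-INF/weblogic.xml (constructed example, separate file) -->
<weblogic-web-app>
  <session-descriptor>
    <session-param>
      <!-- A different name, so app2 never overwrites app1's session cookie -->
      <param-name>CookieName</param-name>
      <param-value>APP2SESSIONID</param-value>
    </session-param>
  </session-descriptor>
</weblogic-web-app>
```

After redeploying, the Set-Cookie response headers of the two applications should show two different cookie names, and opening app2 should leave app1's cookie untouched.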
Rok Lee
Greenhorn

Joined: Jun 14, 2005
Posts: 4
Hi Sharad,

That works!
You're the man.
Thanks a lot.

By the way, what is the mechanism WebLogic Server uses to manage sessions?
Do other app servers like WebSphere do the same?

Thanks

Rok
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
Originally posted by Rok Lee:

That works!
You're the man.
Thanks a lot.

I am happy I could give something back to this forum.

Originally posted by Rok Lee:

By the way, what is the mechanism WebLogic Server uses to manage sessions?
Do other app servers like WebSphere do the same?

I am not sure how much detail you are looking for here. All application servers will handle session management for you in terms of cookies or URL re-writing as appropriate. There are some settings that are available to us, but in general, we should rely on the app server to perform the most effective management.
 