aspose file tools*
The moose likes Servlets and the fly likes jsessionid cross multiple web application (Urgent!!) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "jsessionid cross multiple web application (Urgent!!)" Watch "jsessionid cross multiple web application (Urgent!!)" New topic
Author

jsessionid cross multiple web application (Urgent!!)

ricky wong
Greenhorn

Joined: Jan 27, 2003
Posts: 22
Dear all,

I have an urgent problem to fix. Any expert please kindly help...

The scenario of my problem is :

There are 3 individual web applicatoins in 3 web servers respectively. I call them to be Webapp A, Webapp B and Webapp C.

Webapp A is provided jsp for users to do some online operation. All user information are kept in HTTPSession.
Webapp B is used to handle file upload (Offload the high file upload loading if it is done in Webapp A).
Webapp C contains other business logic which must be performed after file upload.

1. Webapp A displays a file upload page for user to upload file and the page also contains the current httpsession id (as a hidden field in the page).
2. User uploads a file to Webapp B and the httpsession id is sent to there.
3. After Webapp B has stored the upload file, it uses HTTPResponse.sendRedirect to redirect the http request to Webapp C. The httpsession id is also passed to Webapp C (as a parameter in URL).
4. Webapp C performs some business logic after received the http request from Webapp B. Webapp C also uses HTTPResponse.sendRedirect to redirect the http request to Webapp A.
5. The Redirect URL in Webapp C is "http://abcdefg.com/test/testservlet;jsessionid=<httpsession id in Webapp A>".
6. When Webapp A received this http request from Webapp C, it can retrieve the original HTTPSession (just use HTTPRequest.getSession(false) to retrieve original HTTPSession) . All user information can be retrieved from this HTTPSession. Then Webapp A can use this information to perform further processing.

In the above scenario, I can successfully to perform all the steps. The original HTTPSession can be retrieved in step 6. But after I have uploaded around 6 or more files to Webapp B. I got NullPointerException when retrieving original HTTPSession in step 6.

The average file size is around 300K and the session timeout is 500s(500000ms). I use IBM Websphere Studio Application Developer v5.0 and setup 3 testing environment to simulate this scenario. Of course, this problem is also occurred when using 3 different WSADs.

Please kindly help if you know what is the problem? Is this problem related to "jsessionid"? I only use HTTPRequest.getSession(false) in step 6 to retrieve original HTTPSession.

Thanks in advance.
Regards,
Ricky
ricky wong
Greenhorn

Joined: Jan 27, 2003
Posts: 22
Sorry, one more thing I missed to mention. The total file upload processing time is around 15s to 55s. I think it should not be session timeout.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60050
    
  65

You might want to read this.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
Ricky - this is not really an answer to your question, but your architecture seems unnecessarily complex. I believe a single webapp would work as well or as bad as three webapps. If you have extra hardware and you want each to take a part of the load, maybe you should consider a clustered webapp.

And why are you passing the session ID from webapp to webapp? Eventually, you are relying on the servlet container for webapp A to recognize the client when it returns from its trip to webapps B and C, aren't you?


Alco-Haul: We move spirits.
Demented Deliberations of a Dilettante
ricky wong
Greenhorn

Joined: Jan 27, 2003
Posts: 22
Webapp A, B and C are developed by different project teams in my company and all of them do not allow to access the others directly (e.g. by RMI). You are right that the design is too complex in our systems.

On the other hand, user in Webapp A can have further online processing after file upload. If all user information are lost after the file upload, he/she cannot perform further online processing. So user information kept in HTTPSession is not only to authenticate user, but also to provide important information for other business processing.

PS : Sorry that I used the word "Urgent" wrongly....

Thanks.
Regards,
Ricky
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
Are all three webapps running from the same server?

If so, change the default name for the session cookie (JSESSIONID) to something different for each of the three webapps. If a single browser instance is going to call different webapps hosted on the same server, they can easily write over each other's session cookies. I am not sure this will solve the issue, but it is something you should do anyway.
Tony Bann
Greenhorn

Joined: Jul 04, 2005
Posts: 1
Originally posted by Sharad Agarwal:
Are all three webapps running from the same server?

If so, change the default name for the session cookie (JSESSIONID) to something different for each of the three webapps. If a single browser instance is going to call different webapps hosted on the same server, they can easily write over each other's session cookies. I am not sure this will solve the issue, but it is something you should do anyway.


Can you explain please how to do this ?
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
Originally posted by Sharad Agarwal:
If a single browser instance is going to call different webapps hosted on the same server, they can easily write over each other's session cookies.


no it can't.
The session IDs are issued by the server and will be unique. Browsers have nothing to do with it.


42
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
Originally posted by Tony Bann:


Can you explain please how to do this ?


In WebLogic, it is a deployment descriptor property. The default cookie name is JSESSIONID. Details are here.

I am not sure if the property is the same for all application servers. I downloaded the Servlet specification and this is what it states:

SRV.7.1.1 Cookies
Session tracking through HTTP cookies is the most used session tracking mechanism and is required to be supported by all servlet containers. The container sends a cookie to the client. The client will then return the cookie on each subsequent request to the server, unambiguously associating the request with a session. The name of the session tracking cookie must be JSESSIONID.

It would seem that the property I refer to is, in that case, a WebLogic specific one?
[ July 05, 2005: Message edited by: Sharad Agarwal ]
Sharad Agarwal
Ranch Hand

Joined: Sep 11, 2002
Posts: 167
Originally posted by Sharad Agarwal:

If a single browser instance is going to call different webapps hosted on the same server, they can easily write over each other's session cookies.


Originally posted by Jeroen Wenting:


no it can't.
The session IDs are issued by the server and will be unique. Browsers have nothing to do with it.


Yes it can Maybe I did not say it clearly enough. Please note that I said "different webapps hosted on the same server". See the difference now?

And the part about a single browser instance is of significance as well. If you have different browser instances going against different webapps hosted on the same server, all the webapps will work fine. It is only when the same browser goes against different webapps hosted on the same server, that we will have the issue of session ID contention.
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
you still won't have problems if you set up the webapps in a smart way (meaning using virtual domains).

But of course there's no predicting user stupidity so whatever you think of to prevent something from happening it will happen anyway at some point.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: jsessionid cross multiple web application (Urgent!!)
 
Similar Threads
Servlet to JSP communication
Chapter 6(Session Management) notes (HFSJ) for revision
Odd problem with RichFaces and Servlet Filter
Using a filter to block access to certain web pages.
long post IBM.158