aspose file tools*
The moose likes Servlets and the fly likes Concurrent sessions on multiple web apps? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Concurrent sessions on multiple web apps?" Watch "Concurrent sessions on multiple web apps?" New topic
Author

Concurrent sessions on multiple web apps?

Justin Chu
Ranch Hand

Joined: Apr 19, 2002
Posts: 209
    
    1
If I am on webapp "/app1Web", and accesses "/app2Web" on the same server, that invalidates my session on "/app1Web".

That is happening on WebLogic. I wonder if this is normal, or this is an issue with my code.

The way I access "/app2Web" is actually a POST from "/app1Web".
[ March 08, 2007: Message edited by: Chu Tan ]
D Rog
Ranch Hand

Joined: Feb 07, 2004
Posts: 472

It should be issue with your code. Server won't invalidate your session unless timeout reached.


Retire your iPod and start with HD Android music player Kamerton | Minimal J2EE container is here | Light weight full J2EE stack | and build tool | Co-author of "Windows programming in Turbo Pascal"
Justin Chu
Ranch Hand

Joined: Apr 19, 2002
Posts: 209
    
    1
It turns out that weblogic JSESSIONID cookie uses the '/' path by default, and the 2nd application will override the cookie. All I need to do is to configure the cookie to the context root path for each application.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30294
    
150

First of all, yes - I'm well aware that I'm bumping a two year old thread. It helped me a lot. We were struggling with this problem for a few weeks and this thread pointed us right at the solution.

I didn't find this thread earlier despite much searching because I wasn't using the right search terms. And because the web is cluttered with questions about sessions being invalidated prematurely due to timeouts and trying to access the same session across multiple applications. Since this thread helped me so much, I want to give it some good karma.

------------------------------------------------------------------------------------------------------------------
Here's the question I would have asked that this thread answers. Along with some extra information that I learned was important upon the long road to a solution.

I want to interact between multiple applications on the same domain. They are on different logical application servers under the same install/cell. The user will click on links within one application which will take it to the other and back. I expect the original HttpSession for each application will still be there with all the current information. I'm not trying to share the same session across applications, just to let them both exist simultaneously. The problem is as soon as I go into the second application, the first application's session is invalidated.

At first I thought the single sign on manager (like Siteminder or WebSeal) was messing things up. Turns out this wasn't the case. The problem occurs with just the application server (like WebLogic or WebSphere.)

Looking at the headers using a Firefox plugin like LiveHeaders helps show the actual problem - the one Justin identified in this thread. When the root "/" is set as the cookie path, the reference to the session is lost. When you hit the second application, it sticks the jsessionid for that application in the cookie - which overwrites the pointer to the session of the first application. When you go back to the first application, it uses the second application's jsessionid - which of course doesn't match. So it creates a new session overwriting the link to the session for the first application. And the problem cycle continues.

Changing the "/" to "/path1" and "path2" (where path1 and path2 represent the URLs used by the two apps) allowed both sessions to have pointers at the same time. Problem begone.

So thank you Justin for sharing the solution. We always say posting the solution helps others who later have the problem. And this time it was me!



If I am on webapp "/app1Web", and accesses "/app2Web" on the same server, that invalidates my session on "/app1Web".

That is happening on WebLogic. I wonder if this is normal, or this is an issue with my code.

The way I access "/app2Web" is actually a POST from "/app1Web".


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Eshwar Prasad
Ranch Hand

Joined: Mar 21, 2008
Posts: 202
Thank you Jeanne. You provided the detailed explanation.

I am now struggling with this problem of session invalidation. As you mentioned, please let me know if you are suggesting to set the path in JSESSIONID. I am trying to do as below. Please advise if this is the right approach.

1. Get the list of cookies from request from below code.


2. Loop the cookie array and find JSESSIONID and set path to my application context path and then add to response header.

OR can i create a new cookie from my application and add the path.

Please advise.
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30294
    
150

You shouldn't be updating that cookie directly. It is getting the path from a server configuration.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Concurrent sessions on multiple web apps?