aspose file tools*
The moose likes Websphere and the fly likes Session management configuaration Issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Websphere
Bookmark "Session management configuaration Issue" Watch "Session management configuaration Issue" New topic
Author

Session management configuaration Issue

Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hi,

I have implemented session management so I am handling it programatically in my Servlet. After deploying my application on the WAS server the problmes are,

1) It is working perfectly if I open single browser. after say 2 min of idle time session is expiring and redirecting user to login screen.

2)If I open two browsers simultaniously with the same user name user session is never expiring it is keep on extending even I keep one browser idle, If you keep two browsers idle for 2 min session is expiring and it's working fine,I think it's sharing the session internally. What could be the reason?

3)Could you please tell me how can I configure my session management on websphere 5.x server. I am caluculating the idle time my self and invalidating session my self after some idle time.

4)Why session management is not working if more than one user is using the application.? (But it's working nice for single user at a time)

Many thanks,
Sirish
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
Don't use multiple windows of Internet Explorer on the same system to test sessions. The way the Internet Explorer handles cookies makes it so multiple windows are actually sharing the same J2EE session. Firefox on the other hand will treat multiple windows as different sessions.


Merrill
Consultant, Sima Solutions
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hi Merrill,

Thanks for your reply!

I am not using cookies to handle the session. Even if I tried to test from two different systems with the same login id but still it's not working. If you keep idle two system for say 2 min session is getting expired if you keep one system idle and keep working on on the other system session is not expiring.

Do I need to customize my settings at server level and .ear file level on Websphere server?

Many Thanks,
-Sirish
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
Originally posted by Sirish Kumar Gongal Reddy:
I am not using cookies to handle the session.

You may not think you're using cookies, but behind the scenes, WebSphere uses cookies to keep track of sessions. The only time this may not be the case is if you've turned off cookies entirely in your browser and you've configured WebSphere to use URL rewriting instead of cookies in session management.

Regarding why activity on a window in one system keeps the session on another system alive, this may be due to the fact that you're invalidating the session yourself after a certian period of time rather than configuring a timeout value through WebSphere or through the J2EE APIs.

There are three ways to configure session timeout values:
  • In the WebSphere admin console for all web applications on that server by selecting Servers--Application servers--server_name--Web container settings--Session management
  • Programatically with the statement: session.setMaxInactiveInterval(1800);
  • In the web.xml file in your web application
  • In the last option, the entry will look like this:

    [ July 02, 2007: Message edited by: Merrill Higginson ]
    Sirish Kumar Gongal Reddy
    Ranch Hand

    Joined: Oct 25, 2004
    Posts: 109
    Hi Merrill,

    Many thanks for your reply with clear explanation.

    May be due to the fact that you're invalidating the session yourself after a certian period of time rather than configuring a timeout value through WebSphere or through the J2EE APIs.


    I am invalidating user session after some idleTime. and I am caluculating user idle time my self by taking sessionCreatingTime() and lastAccessedTime(). If user is exceeds his assigned time in the Database simply I am redirecting him to login page by giving an alert.

    Why I am using this is the session interval for each user is diffenet I need to maintin session based on user role. some user will have 30 min of sessino and some have 1 hr like that. session interval is not common for entair user.

    Can't I invalidating the session yourself after a certian period of time?

    Thanks a lot!
    Sirish
    Merrill Higginson
    Ranch Hand

    Joined: Feb 15, 2005
    Posts: 4864
    Originally posted by Sirish Kumar Gongal Reddy:

    Can't I invalidating the session yourself after a certain period of time?

    Yes, you should be able to do this. I have doubts, though, about the validity of some of your tests. For example, you say it doesn't work if you sign on to a different system with the same user ID. Aren't you resetting the clock based on the user id? Should it be any surprise that the clock is reset when you sign on again as the same user? I've never used this mechanism before, so I don't know much about its idiosyncrasies and I'm afraid I can't be much help in debugging it.

    A mechanism is already in place to do this through the J2EE API, so why not use it? You say your method is not working, so why not use the standard method? Just call session.setTimeoutValue(). This call only affects the current active session without affecting any others.
    [ July 03, 2007: Message edited by: Merrill Higginson ]
     
    It is sorta covered in the JavaRanch Style Guide.
     
    subject: Session management configuaration Issue