|
midrange.com
Sorry that this mail is so big, but I'll try to explain the situation
complete, so one could understand the problem better.
On our WAS3.5.6, I used to check HttpSessions in our controller_servlets
as
follows:
*******
...
session = req.getSession(true);
id = session.getId();
if (session.isNew()) {
httppage = "sessionerror.jsp"
} else {
httppage = "applicationpage.jsp"
}
getServletConfig().getServletContext().getRequestDispatcher(httppage).forwar
d(req, res);
...
*******
Which resulted in the correct jsp launched.
I could open a new browserwindow with another webapp which got it's own
new
sessionid. One could switch from one window to another without haven
problems with the session (as long as they didn't get a time-out). In
some
cases I invalidated the session using:
session.invalidate();
which worked as expected too.
Now we upgraded to WAS4.0.4 and I noticed that 'session.invalidate()'
didn't
work anymore. A closer look and some tests showed me that all new
sessions
got same session_id and WAS seemed to ignore the 'session.invalidate()'
statements. Finally I found out that 'enable cookies' was activated in
the
WAS Server Configuration. I disabled it in WSAD and tried to open both
applications again. Now they get their own session_id's again but... the
statement 'session = req.getSession(true)' alway's return a new session_id
now...
Following actions are done:
WAP1 started in BrowserWindow1
session = req.getSession(true); which creates new session
new id
applicationpage.jsp is forwarded
WAP2 started in BrowserWindow2
session = req.getSession(true); which creates new session
new id
applicationpage.jsp is forwarded
in BrowserWindow1, an action is executed in WAP1 which activates
ControllerServlet1 again
session = req.getSession(true); which creates new session
new id
sessionerror.jsp is forwarded (session-timeout)
HERE I EXPECT:
session = req.getSession(true); which creates new session
NO NEW ID
applicationpage.jsp is forwarded (session-timeout)
QUESTION 1: Why is a new session created at this point?
When we change the WAS_configuration to 'enable cookies', following
happens
WAP1 started in BrowserWindow1
session = req.getSession(true); which creates new session
new id
applicationpage.jsp is forwarded
WAP2 started in BrowserWindow2
session = req.getSession(true); which creates new session
NO NEW ID is created!!!!
applicationpage.jsp is forwarded
in BrowserWindow1, an action is executed in WAP1 which activates
ControllerServlet1 again
session = req.getSession(true); which returns false (ok)
NO NEW ID is created
applicationpage.jsp is forwarded
This seems to do the job but both sessions have same sessionid...
QUESTION2:
Why do they both get same SESSION_ID?
When we execute 'session.invalidate()' in one of the browsers, the unbind
of
our 'connection holder' is called, which indicates that the HttpSession is
being invalidated but... SESSION-ID's doesn't change when new session is
created...
QUESTION3:
What is changed in WAS4 comparing to WAS3.5.6 regarding Session_Tracking
???
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
