 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / June 2005Getting session cookie name
The session cookie name for persistent sessions is specified in the deployment descriptor. How can I get this cookie name in a JSP? I am using the Weblogic implementation of J2EE. > The session cookie name for persistent sessions is specified in the > deployment descriptor. How can I get this cookie name in a JSP? I am > using the Weblogic implementation of J2EE. Just out of interest, why?  SignatureSean "I'm willing to look like an idiot in order to get my work done more quickly" --Ed Wilkinson We have a load balancer (a plugin in the webserver) that balances based on whether there is a session cookie; if there is a session cookie, the request is not load balanced, if there is no session cookie, the request is a new request hence the load balancer (using round-robin algorithm) sends the request to one of two Weblogic nodes. When Weblogic times out a session, the browser can send a request with a stale cookie which is then treated as a new login request by weblogic and sends the user to the form-based login JSP. Even though this is a new login, this request is not load balanced because there is a session cookie, though it is invalid. Effectively, after the first login of a user, there is no load balancing for his/her sessions even after session timeouts. On a session timeout, I want to send a redirect page to the browser. The redirect page clears the session cookie and then sends a new login request. Which is why I need the session cookie. I believe ServletAuthentication.getSessionCookie may work, though I haven't gotten it to work yet. > We have a load balancer (a plugin in the webserver) that balances based > on whether there is a session cookie; if there is a session cookie, the [quoted text clipped - 15 lines] > ServletAuthentication.getSessionCookie may work, though I haven't > gotten it to work yet. RTFM, in particular, section SRV.7.1.1 of the servlet 1.4 specification: <quote> Session tracking through HTTP cookies is the most used session tracking mechanism and is required to be supported by all servlet containers. The container sends a cookie to the client. The client will then return the cookie on each subsequent request to the server, unambiguously associating the request with a session. The name of the session tracking cookie must be JSESSIONID. </quote> HTH, Ray SignatureXML is the programmer's duct tape. JSESSIONID is the default name; the name can be configured in weblogic.xml. In fact we use at least two different session cookie names in various applications. > JSESSIONID is the default name; the name can be configured in > weblogic.xml. In fact we use at least two different session cookie > names in various applications. The specification is pretty clear as I posted it; the name *must* be JSESSIONID. So whatever you are doing is specific to WebLogic and you must look for a WebLogic-specific solution. That's what happens when you violate the spec. Ray SignatureXML is the programmer's duct tape. I don't know about the specs but multiple session cookies will be required if the user is accessing multiple J2EE applications on the same system. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.