Creating and Managing Sessions
This chapter describes how to create and manage HTTP sessions that allows users and transaction information to persist between interactions.
This chapter contains the following sections:
Configuring Sessions
This section covers the following topics:
HTTP Sessions, Cookies, and URL Rewriting
To configure whether and how HTTP sessions use cookies and URL rewriting, edit the session-properties and cookie-properties elements in the sun-web.xml file for an individual web application. For more about the properties you can configure, see session-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide and cookie-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.
Coordinating Session Access
Make sure that multiple threads don’t simultaneously modify the same session object in conflicting ways.
This is especially likely to occur in web applications that use HTML frames where multiple servlets are executing simultaneously on behalf of the same client. A good solution is to ensure that one of the servlets modifies the session and the others have read-only access.
Saving Sessions During Redeployment
Whenever a redeployment is done, the sessions at that transit time become invalid unless you use the keepSessions=true property of the asadmin redeploy command. For example:
asadmin redeploy --properties keepSessions=true --name hello.war |
For details, see the Sun GlassFish Enterprise Server v3 Prelude Reference Manual.
The new class loader of the redeployed application is used to deserialize any sessions previously saved. The usual restrictions about serialization and deserialization apply. For example, any application-specific class referenced by a session attribute may evolve only in a backward-compatible fashion. For more information about class loaders, see Chapter 2, Class Loaders.
Session Managers
A session manager automatically creates new session objects whenever a new session starts. In some circumstances, clients do not join the session, for example, if the session manager uses cookies and the client does not accept cookies.
Enterprise Server offers these session management options, determined by the session-manager element’s persistence-type attribute in the sun-web.xml file:
-
The memory Persistence Type, the default
-
The file Persistence Type, which uses a file to store session data
Note –
If the session manager configuration contains an error, the error is written to the server log and the default (memory) configuration is used.
For more information, see session-manager in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.
The memory Persistence Type
This persistence type is not designed for a production environment that requires session persistence. It provides no session persistence. However, you can configure it so that the session state in memory is written to the file system prior to server shutdown.
To specify the memory persistence type for a specific web application, edit the sun-web.xml file as in the following example. The persistence-type property is optional, but must be set to memory if included. This overrides the web container availability settings for the web application.
<sun-web-app> ... <session-config> <session-manager persistence-type="memory" /> <manager-properties> <property name="sessionFilename" value="sessionstate" /> </manager-properties> </session-manager> ... </session-config> ... </sun-web-app>
The only manager property that the memory persistence type supports is sessionFilename, which is listed under manager-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide. The sessionFilename property specifies the name of the file where sessions are serialized and persisted if the web application or the server is stopped. To disable this behavior, specify an empty string as the value of sessionFilename.
For more information about the sun-web.xml file, see Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.
The file Persistence Type
This persistence type provides session persistence to the local file system, and allows a single server domain to recover the session state after a failure and restart. The session state is persisted in the background, and the rate at which this occurs is configurable. The store also provides passivation and activation of the session state to help control the amount of memory used. This option is not supported in a production environment. However, it is useful for a development system with a single server instance.
Note –
Make sure the delete option is set in the server.policy file, or expired file-based sessions might not be deleted properly. For more information about server.policy, see The server.policy File.
To specify the file persistence type for a specific web application, edit the sun-web.xml file as in the following example. Note that persistence-type must be set to file. This overrides the web container availability settings for the web application.
<sun-web-app> ... <session-config> <session-manager persistence-type="file"> <store-properties> <property name="directory" value="sessiondir" /> </store-properties> </session-manager> ... </session-config> ... </sun-web-app>
The file persistence type supports all the manager properties listed under manager-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide except sessionFilename, and supports the directory store property listed under store-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.
For more information about the sun-web.xml file, see Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.
- © 2010, Oracle Corporation and/or its affiliates