Configuring Sessions

This section covers the following topics:

• HTTP Sessions, Cookies, and URL Rewriting

• Coordinating Session Access

• Saving Sessions During Redeployment

HTTP Sessions, Cookies, and URL Rewriting

To configure whether and how HTTP sessions use cookies and URL rewriting, edit the session-properties and cookie-properties elements in the sun-web.xml file for an individual web application. For more about the properties you can configure, see session-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide and cookie-properties in Sun GlassFish Enterprise Server v3 Prelude Application Deployment Guide.

Coordinating Session Access

Make sure that multiple threads don’t simultaneously modify the same session object in conflicting ways.

This is especially likely to occur in web applications that use HTML frames where multiple servlets are executing simultaneously on behalf of the same client. A good solution is to ensure that one of the servlets modifies the session and the others have read-only access.

Saving Sessions During Redeployment

Whenever a redeployment is done, the sessions at that transit time become invalid unless you use the keepSessions=true property of the asadmin redeploy command. For example:

asadmin redeploy --properties keepSessions=true --name hello.war

For details, see the Sun GlassFish Enterprise Server v3 Prelude Reference Manual.

The new class loader of the redeployed application is used to deserialize any sessions previously saved. The usual restrictions about serialization and deserialization apply. For example, any application-specific class referenced by a session attribute may evolve only in a backward-compatible fashion. For more information about class loaders, see Chapter 2, Class Loaders.