How do I prevent session data from being shared by different apps?

Sometimes you may want to explicitly prevent HTTP session data from being shared by different Java EE applications that participate in the same Coherence cluster. For example, suppose you have two applications, HRPortal and InWeb, that share cached data in their EJB tiers but use different session data. In this case, it is desirable for both applications to be part of the same Coherence cluster, but undesirable for both applications to use the same clustered service for session data.

To find out how to allow Web applications to share session data, see "How do I share session data between different web applications?".

To prevent different Java EE applications from sharing session data, you must specify a unique session cache service name for each application. To do so, locate the following configuration settings in each session-cache-config.xml file found in your application:

<replicated-scheme>
  <scheme-name>default-replicated</scheme-name>
  <service-name>ReplicatedSessionsMisc</service-name>
  <backing-map-scheme>
    <class-scheme>
      <scheme-ref>default-backing-map</scheme-ref>
    </class-scheme>
  </backing-map-scheme>
</replicated-scheme>

<distributed-scheme>
  <scheme-name>session-distributed</scheme-name>
  <service-name>DistributedSessions</service-name>
  <lease-granularity>member</lease-granularity>
  <backing-map-scheme>
    <class-scheme>
      <scheme-ref>default-backing-map</scheme-ref>
    </class-scheme>
  </backing-map-scheme>
</distributed-scheme>

<distributed-scheme>
  <scheme-name>session-certificate</scheme-name>
  <service-name>DistributedSessions</service-name>
  <lease-granularity>member</lease-granularity>
  <backing-map-scheme>
    <local-scheme>
      <scheme-ref>session-certificate-autoexpiring</scheme-ref>
    </local-scheme>
  </backing-map-scheme>
</distributed-scheme>

Set the <service-name/> parameters to a distinct value for each application (for example, ReplicationSessionsMiscHRP and DistributedSessionsHRP for the HRPortal application). This will force each application to use a separate clustered service for session data. After making these changes, remember to save the modified session-cache-config.xml files.

Keeping Session Cookies Separate

If you are using cookies to store session IDs, you must make sure that session cookies created by one application are not propagated to another application. To do so, set each application's session cookie domain and path in its web.xml file. The context parameter coherence-session-cookie-path sets the context path for a Web application. To prevent cookies from being propagated, be sure that no two applications share the same context path. For example, assume you have two Web applications registered under the context paths /web/HRPortal and /web/InWeb. To prevent the Web applications from sharing session data via cookies, set the coherence-session-cookie-path parameter in one application's web.xml file to /web/HRPortal and set the parameter in the other application's web.xml file to /web/InWeb.

If your applications are deployed on different Web containers running on separate machines, you can set the context parameter coherence-session-cookie-domain to ensure that they are not in the same domain. For example, assume you have two Web applications running on server1.mydomain.com and server2.mydomain.com. To prevent session cookies from being shared between them, set the coherence-session-cookie-domain parameter in one application's web.xml file to server1.mydomain.com and set the parameter in the other application's web.xml file to server2.mydomain.com.
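The following check is an added example, not part of the original page or of Coherence: it reads each application's session-cache-config.xml and web.xml and reports pairs of applications that still share a session service name or whose cookie paths overlap. It goes slightly beyond the text by also flagging nested paths, because a cookie scoped to /web is also sent to /web/InWeb. The helper names, the trimmed XML and the /web value in the "before" case are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed, trimmed stand-ins for each app's session-cache-config.xml and web.xml.
CACHE_CFG = ("<cache-config><caching-schemes>"
             "<replicated-scheme><service-name>{r}</service-name></replicated-scheme>"
             "<distributed-scheme><service-name>{d}</service-name></distributed-scheme>"
             "</caching-schemes></cache-config>")
WEB_XML = ("<web-app><context-param>"
           "<param-name>coherence-session-cookie-path</param-name>"
           "<param-value>{p}</param-value></context-param></web-app>")

def local(tag): return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if any

def service_names(cache_xml):
    """Every <service-name> value declared in a session-cache-config.xml."""
    return {e.text.strip() for e in ET.fromstring(cache_xml).iter()
            if local(e.tag) == "service-name" and e.text}

def cookie_path(web_xml):
    """Value of the coherence-session-cookie-path context parameter, or None."""
    for cp in ET.fromstring(web_xml).iter():
        if local(cp.tag) == "context-param":
            kids = {local(c.tag): (c.text or "").strip() for c in cp}
            if kids.get("param-name") == "coherence-session-cookie-path":
                return kids.get("param-value")

def paths_overlap(a, b):
    """True if the paths are equal or one is a parent directory of the other."""
    a, b = a.rstrip("/") + "/", b.rstrip("/") + "/"
    return a.startswith(b) or b.startswith(a)

def audit(apps):
    """apps: name -> (cache_xml, web_xml). An unset cookie path is also reported (example's choice)."""
    findings = []
    for (n1, (c1, w1)), (n2, (c2, w2)) in combinations(sorted(apps.items()), 2):
        shared = service_names(c1) & service_names(c2)
        if shared:
            findings.append((n1, n2, "shared session service", sorted(shared)))
        p1, p2 = cookie_path(w1), cookie_path(w2)
        if p1 is None or p2 is None or paths_overlap(p1, p2):
            findings.append((n1, n2, "overlapping cookie path", [p1, p2]))
    return findings

DEFAULT = CACHE_CFG.format(r="ReplicatedSessionsMisc", d="DistributedSessions")
RENAMED = CACHE_CFG.format(r="ReplicationSessionsMiscHRP", d="DistributedSessionsHRP")
BEFORE = {"HRPortal": (DEFAULT, WEB_XML.format(p="/web")),
          "InWeb": (DEFAULT, WEB_XML.format(p="/web/InWeb"))}
AFTER = {"HRPortal": (RENAMED, WEB_XML.format(p="/web/HRPortal")),
         "InWeb": (DEFAULT, WEB_XML.format(p="/web/InWeb"))}
```

Calling audit(BEFORE) returns one finding for the shared service names and one for the overlapping cookie paths; audit(AFTER) returns an empty list.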