Sun GlassFish Enterprise Server 2.1 Developer's Guide

Configuring Sessions

This section covers the following topics:

HTTP Sessions, Cookies, and URL Rewriting

To configure whether and how HTTP sessions use cookies and URL rewriting, edit the session-properties and cookie-properties elements in the sun-web.xml file for an individual web application. For more about the properties you can configure, see session-properties in Sun GlassFish Enterprise Server 2.1 Application Deployment Guide and cookie-properties in Sun GlassFish Enterprise Server 2.1 Application Deployment Guide.

For information about configuring default session properties for the entire web container, see Chapter 8, SIP, Web, and EJB Containers, in Sun GlassFish Enterprise Server 2.1 Administration Guide and the Sun GlassFish Enterprise Server 2.1 High Availability Administration Guide.

Coordinating Session Access

Make sure that multiple threads don’t simultaneously modify the same session object in conflicting ways. If the persistence type is ha (see The ha Persistence Type), the following message in the log file indicates that this might be happening:

Primary Key Constraint violation while saving session session_id

This is especially likely to occur in web applications that use HTML frames where multiple servlets are executing simultaneously on behalf of the same client. A good solution is to ensure that one of the servlets modifies the session and the others have read-only access.

Distributed Sessions and Persistence

Note –

Some topics in the documentation pertain to features that are available only in domains that are configured to support clusters. Examples of domains that support clusters are domains that are created with the cluster profile or the enterprise profile. For information about profiles, see Usage Profiles in Sun GlassFish Enterprise Server 2.1 Administration Guide.

A distributed HTTP session can run in multiple Enterprise Server instances, provided the following criteria are met:

Note –

Contrary to the Servlet 2.5 specification, Enterprise Server does not throw an IllegalArgumentException if an object type not supported for failover is bound into a distributed session.

Keep the distributed session size as small as possible. Session size has a direct impact on overall system throughput.

In the event of an instance or hardware failure, another server instance can take over a distributed session, with the following limitations:

In the following table, No indicates that failover for the object type might not work in all cases and that no failover support is provided. However, failover might work in some cases for that object type. For example, failover might work because the class implementing that type is serializable.

For more information about the InitialContext, see Accessing the Naming Context. For more information about transaction recovery, see Chapter 16, Using the Transaction Service. For more information about Administered Objects, see Creating Physical Destinations.

Table 8–4 Object Types Supported for Java EE Web Application Session State Failover

Java Object Type 

Failover Support 

Colocated or distributed stateless session, stateful session, or entity bean reference 


JNDI context 

Yes, InitialContext and java:comp/env


Yes, but if the instance that fails is never restarted, any prepared global transactions are lost and might not be correctly rolled back or committed. 

JDBC DataSource 


Java Message Service (JMS) ConnectionFactory, Destination 


JavaMail Session 


Connection Factory 


Administered Object 


Web service reference 


Serializable Java types 


Extended persistence context