5 Replies Latest reply on Feb 13, 2015 5:17 AM by ctomc

Joss AS 7 Session Management

vijaykumar.jagdale Jan 8, 2015 7:33 AM

Hi All,

I am migrating my application from jboss 4.2 to jboss 7.

I am facing a problem due to my application server create a new session id for each request. please let me know how should it prevent this and how to configure a session management in the jboss as 7.

thanks in advance

1. Re: Joss AS 7 Session Management

jaysensharma Jan 8, 2015 11:39 AM (in response to vijaykumar.jagdale)

How are you creating HttpSession inside your application? Can you paste the code snippet?
Actions
2. Re: Joss AS 7 Session Management

vijaykumar.jagdale Jan 9, 2015 12:19 AM (in response to vijaykumar.jagdale)

With the below mentioned code, a new session ID is created for every request. Thus, the user get logged out from the session for each request, since the old and new session IDs are different.
In JBoss 4.2 this was not the scenario. Can you please elaborate session management in JBoss7?

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.struts.tiles.TilesRequestProcessor;
public class LoginPreprocessor extends TilesRequestProcessor
{

public boolean processPreprocess(HttpServletRequest request, HttpServletResponse response)
{

   HttpSession session = request.getSession(false);
   //HttpSession session = request.getSession(true);
   System.out.println("----------------------------------------------------");
   System.out.println("session Id"+session.getId());
   System.out.println("-----------------------------------------------------");
        //If user is trying to access login page
        // then don't check
        if( request.getServletPath().equals("/LoginAction.do")
            || request.getServletPath().equals("/jsp/default.jsp")
         )

            return true;

        //Check if USER_ID attribute is there is the session.
        //If so, it means user has already been logged in, return true
        if( session != null && session.getAttribute("USER_ID") != null)
            return true;
        else{
            try{
                //If not, redirect the user to login Page
             System.out.println("------In LoginPreProcessor--------");
                request.getRequestDispatcher("/jsp/default.jsp").forward(request,response);
            }catch(Exception ex){
            }
        }
        return false;
}
}
Actions
3. Re: Joss AS 7 Session Management

ctomc Jan 11, 2015 5:41 PM (in response to vijaykumar.jagdale)

Session management is defined by servlet specification and out of the box supports tracking by cookie or by url rewriting.
Defaulting to using session cookie.

If your client doesn't support cookies or for some reason doesn't send them you could see the problem you are describing.
Actions
4. Re: Joss AS 7 Session Management

vijaykumar.jagdale Feb 12, 2015 11:57 PM (in response to ctomc)

Hi Tomaz,

actually I tried it in the chrome and it working fine, but it giving problem in IE11. i tried to run same on jboss 7.1 it working fine.
is their any problem with using jboss 7.0 with IE11?
Actions
5. Re: Joss AS 7 Session Management

ctomc Feb 13, 2015 5:17 AM (in response to vijaykumar.jagdale)

could be that there was some problem in 7.0, it is really old server.
even just difference between 7.0 and 7.1 is huge.
I would in any case recommend you to move to something newer like WildFly(project renamed after 7) 8.2.
Actions

Go to original post