2 Replies Latest reply on Jul 29, 2011 12:40 PM by zekela104

    HttpSession in JBoss

    megasilver Jun 1, 2010 8:40 AM

      Hi, I am evaluating JBoss to see its behaviour on session management.

       

      The code is something like this in servlet a:

       

      HttpSession session = (HttpSession) httpServletRequest.getSession(true);

      if (session.getAttribute("Test")!=null)

      {

           session.setAttribute("Test', "123");

      }

       

      Servlet B also has the same code.

       

      But I found that the same user accessing the servlets on the same browser have the session recreated even though the session still exists.

       

      In other words, a new session is always created, hence the saved attribute can never be accessed.

       

      Does anyone encounter the same issue?

       

      Please advise.

       

      Thank you.

       

      Wes

      • 13339 Views
      • Tags:
        • 1. HttpSession in JBoss
          drmikeh
          drmikeh May 11, 2011 2:21 PM (in response to megasilver)

          I ran into the same problem and looked at the cookie being created for the JBoss connection. I discovered that the default cookie settings for managing the session id include the following settings:

           

              Name: JSESSIONID

              Content: <session id is here>

              Host: <server host is here>

              Path: <context root>

              Send For: Encrypted connections only

              Expires: At end of session

           

          So I switched from HTTP to HTTPS and everything started working. What is happening with the HTTP request is that the browser doesn't send the cookie to the server with each request, so the server has to start over and create a new session. The server does send the cookie with the new session to the browser but the browser never sends it back. With HTTPS the browser is sending the cookie to the server thus negating the need to create a new session.

           

          The way to fix this for HTTP is to modify the server.xml file and configure the Connector with secure="false" and scheme="http".

           

          Mike

            • Actions
          • 2. Re: HttpSession in JBoss
            zekela104
            zekela104 Jul 29, 2011 12:40 PM (in response to drmikeh)

            Hi Mike:

             

            I ported an existing production app from JBOSS 4.2.2 to JBOSS 7. I am now running into this exact same issue. Which environment are you running in? Where did you find the default cookie settings?

             

            Thanks,

            Steve

              • Actions