Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Agenda
Overview of HTTP Session Management
WebSphere Application Server & Session Management
Local sessions
Persistence mechanisms
Database persistence
Memory-to-memory replication
Problem determination
Best practices
Resources
Q&A
Implementing the HTTP Session allows a web application developer to maintain state information across multiple user visits to
the application.
HTTP Session API:
Creating/Accessing Session:
HttpSession session = request.getSession(boolean create)
HttpSession session = request.getSession()
Verifying if session is a new session:
Session.isNew()
Dealing with HTTP Session attributes:
getAttribute(String name)
setAttribute(String name, Object val)
removeAttribute()
When / How long:
getCreationTime()
getLastAccessedTime()
getMaxInactiveInterval()
setMaxInactiveInterval()
Session listeners:
Session Create or Destroy:
HTTPSessionListener
• sessionCreated()
• sessionDestroyed()
Session Attributes:
HttpSessionAttributeListener
• attributeAdded()
• attrbuteRemoved()
• attributeReplaced()
Session Activation:
HttpSesessionActivationListener
• sessionActivated()
• sessionPassivated()
Session Binding Events:
HttpSessionBindingListener
• valueBound()
• valueUnbound()
com.ibm.websphere.servlet.session.IBMSessionListener
Session cookie
JSESSIONID=0002wJXDXci_VotW v84L6nNMaN3:15ej9t1j5:15ej9t4hc
CacheId : 0002
CloneSeperator : “:”
SessionId : wJXDXci_VotWv84L6nNMaN3
Application level
Session Timeout
No timeout
Set timeout
Security Integration
Local sessions
Local Sessions
The local/in-memory session cache keeps session information in memory and local to the
machine and WebSphere Application Server where the session information was first
created.
Local session management does not share user session information with other clustered
machines. Users only obtain their session information if they return to the application
server
Session data will be lost, during the fail-over and also if server goes down or server
recycle
Local sessions
Persistence mechanisms
Database persistence
Configuring Database persistence
Create JDBC provide
Create a data source for the database.
Configure session Manager to use the data source created.
Note: Session Manager will automatically create the necessary database schema except for DB2 on z/OS. If
using DB2 on z/OS, then database administrator need to create the database schema manually. Refer the
following URL for instructions to create session schema:
Creating a DB2 table for session persistence
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/
zseries/ae/tprs_db2tzos.html
Distributed settings
Database settings
Custom settings
Write frequency default Time based
Write interval default 10 seconds
Write contents default All session attributes
Schedule sessions cleanup default false
WebServer Plug-in
Load Balancing
Distributes the load/request to all cluster members based on
Round Robin algorithm
Session Affinity
For all existing sessions, Plug-in sends request to the server
where session data exists in memory
When the target server is not reachable, then request fails over
to a different server in cluster
Plug-in uses cloneId information present in JSESSIONID cookie
of the incoming request to route request to application server
Memory-to-Memory replication
Sessions are stored in the memory of an application server, providing the same
functionality as a database for session persistence.
M-M persistence, eliminates the overhead and cost of setting up and maintaining a real-
time production database.
It also eliminates the single point of failure that can occur with a database.
Memory-to-memory replication uses the DRS to replicate data across many application
servers in a cluster.
Dynamic Caching and Stateful session beans are other consumers of DRS.
Replication domain should be created (Either manually or while creating the cluster)
before configuring the DRS.
NOTE: Do not use same replication domain for Dynamic caching and sessions/Stateful.
Memory-to-Memory
Configuring Memory-to-Memory replication
Create a replication domain.
Select “Memory-to-Memory replication” persistence from distributed
environment settings page of session manager panel.
Peer-to-Peer topology
This is most commonly used topology.
In this basic peer-to-peer topology, each application server can:
The advantage of this topology is that no additional processes and products are
required to avoid a single point of failure.
Peer-to-peer topology
Client/Server topology
In Client/Server topology the servers act as either replication client only or a server
only.
Client/Server topology
Problem determination
Problem determination
Session Affinity is failing
Affinity is maintained by plug-in. If WebServer plug-in is not used in the
environment, then affinity will not be maintained.
Check if the session persistence is configured properly
make sure latest plugin-cfg.xml is in use.
Review the plug-in trace to see if plug-in is picking up right clone information from
session cookie as well as sending request to right server.
If using peer-to-peer topology, then plug-in uses dynamic partition table information
to maintain affinity.
Make sure to upgrade plug-in with application server upgrade.
Best practices
When secure data is stored in session, use session and security integration
feature in secured environments.
Avoid trying to save and reuse the HttpSession object outside of servlet or
JSP service.
com.ibm.websphere.servlet.session.IBMSessionListner
http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/
com.ibm.websphere.javadoc.doc/web/apidocs/com/ibm/websphere/servlet/session/
IBMSessionListener.html
View a webcast replay with step-by-step instructions for using the Service Request (SR)
tool for submitting problems electronically:
http://www.ibm.com/software/websphere/support/d2w.html
Sign up to receive weekly technical My Notifications emails:
http://www.ibm.com/software/support/einfo.html