开发者

New Session is created between consecutive servlet request from an Applet and a managed bean?

I want to pass parameters betweeen applet and jsf components So when a value of a input textbox changed, its binding backing bean makes connection to a servlet. The servlet create an attribute and save to HttpSession using (request.getSession(true)).setAttribute(name, value);

Then at some event, applet will access another servlet. This servlet will try to retrieve the Attribute saved to Session previously.

However, everytime, the attirbut开发者_Go百科e returned is null as the new session is created instead.

My question is: Is the session should be persist? ( I checked allowcookies, session timeout for weblogic)

If yes, what might go wrong with my app?

Thanks a lot for your help.

Regards K.


Sessions are backed by cookies. In a JSP/Servlet environment the cookie name is jsessionid. To access the same session, the applet has to fire a request with the desired session cookie in the header. Also, you need to ensure that the servlet is running/listening in the same domain and context.

To start, pass the session ID as a parameter to the applet:

<param name="jsessionid" value="${pageContext.session.id}">

Then, in the Applet connect the Servlet as follows:

String jsessionid = getParameter("jsessionid");
URL servlet = new URL(getCodeBase(), "servleturl");
URLConnection connection = servlet.openConnection();
connection.setRequestProperty("Cookie", "jsessionid=" + jsessionid);
// ...

Here servleturl obviously should match servlet's url-pattern in web.xml. This should give the same session back in the servlet on request.getSession().


Although @BalusC is correct (as usual), I think there could also be another reason why the the JSessionId is not being sent to the servlet.

When using Weblogic (and I suppose you do), the default value of cookie-http-only is set to true, meaning it won't send cookies when requesting resources like javascript or applets, meaning every request that the applet sends will include a fresh session ID, making it unable to use sticky sessions.

More information can be found here: https://forums.oracle.com/message/3747820


To established a working session with the servlet, the page containing your applet must have been "served by" the servlet.
At this point you can open a succesfull connection to the servlet.

But this approach work up to tomcat6; You have full access to the session.
With Tomcat7 session fixation avoidance, a new session is created at when the applet posts its request...

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜