New Session is created between consecutive servlet request from an Applet and a managed bean?
I want to pass parameters betweeen applet and jsf components So when a value of a input textbox changed, its binding backing bean makes connection to a servlet. The servlet create an attribute and save to HttpSession using (request.getSession(true)).setAttribute(name, value);
Then at some event, applet will access another servlet. This servlet will try to retrieve the Attribute saved to Session previously.
However, everytime, the attirbut开发者_Go百科e returned is null as the new session is created instead.
My question is: Is the session should be persist? ( I checked allowcookies, session timeout for weblogic)
If yes, what might go wrong with my app?
Thanks a lot for your help.
Regards K.
Sessions are backed by cookies. In a JSP/Servlet environment the cookie name is jsessionid
. To access the same session, the applet has to fire a request with the desired session cookie in the header. Also, you need to ensure that the servlet is running/listening in the same domain and context.
To start, pass the session ID as a parameter to the applet:
<param name="jsessionid" value="${pageContext.session.id}">
Then, in the Applet connect the Servlet as follows:
String jsessionid = getParameter("jsessionid");
URL servlet = new URL(getCodeBase(), "servleturl");
URLConnection connection = servlet.openConnection();
connection.setRequestProperty("Cookie", "jsessionid=" + jsessionid);
// ...
Here servleturl
obviously should match servlet's url-pattern
in web.xml
. This should give the same session back in the servlet on request.getSession()
.
Although @BalusC is correct (as usual), I think there could also be another reason why the the JSessionId is not being sent to the servlet.
When using Weblogic (and I suppose you do), the default value of cookie-http-only is set to true, meaning it won't send cookies when requesting resources like javascript or applets, meaning every request that the applet sends will include a fresh session ID, making it unable to use sticky sessions.
More information can be found here: https://forums.oracle.com/message/3747820
To established a working session with the servlet, the page containing your applet must have been "served by" the servlet.
At this point you can open a succesfull connection to the servlet.
But this approach work up to tomcat6; You have full access to the session.
With Tomcat7 session fixation avoidance, a new session is created at when the applet posts its request...
精彩评论