New Session is created between consecutive servlet request from an Applet and a managed bean?_问答_开发者

New Session is created between consecutive servlet request from an Applet and a managed bean?

开发者 https://www.devze.com 2023-01-02 03:49 出处：网络

I want to pass parameters betweeen applet and jsf components So when a value of a input textbox changed, its binding backing bean makes connection to a servlet. The servlet create an attribute and sav

Then at some event, applet will access another servlet. This servlet will try to retrieve the Attribute saved to Session previously.

However, everytime, the attirbut开发者_Go百科e returned is null as the new session is created instead.

My question is: Is the session should be persist? ( I checked allowcookies, session timeout for weblogic)

If yes, what might go wrong with my app?

Thanks a lot for your help.

Regards K.

Sessions are backed by cookies. In a JSP/Servlet environment the cookie name is jsessionid. To access the same session, the applet has to fire a request with the desired session cookie in the header. Also, you need to ensure that the servlet is running/listening in the same domain and context.

To start, pass the session ID as a parameter to the applet:

<param name="jsessionid" value="${pageContext.session.id}">

Then, in the Applet connect the Servlet as follows:

String jsessionid = getParameter("jsessionid");
URL servlet = new URL(getCodeBase(), "servleturl");
URLConnection connection = servlet.openConnection();
connection.setRequestProperty("Cookie", "jsessionid=" + jsessionid);
// ...

Here servleturl obviously should match servlet's url-pattern in web.xml. This should give the same session back in the servlet on request.getSession().

Although @BalusC is correct (as usual), I think there could also be another reason why the the JSessionId is not being sent to the servlet.

When using Weblogic (and I suppose you do), the default value of cookie-http-only is set to true, meaning it won't send cookies when requesting resources like javascript or applets, meaning every request that the applet sends will include a fresh session ID, making it unable to use sticky sessions.

More information can be found here: https://forums.oracle.com/message/3747820

To established a working session with the servlet, the page containing your applet must have been "served by" the servlet.
At this point you can open a succesfull connection to the servlet.

But this approach work up to tomcat6; You have full access to the session.
With Tomcat7 session fixation avoidance, a new session is created at when the applet posts its request...