|
|
|
|
|
|
|
|
Using Sessions With iPlanet[tm] Web Server 6.xBy Matthew Hosanee(June 2002) We want to hear from you! Please send us your FEEDBACK. The following article may contain actual software programs in source code form. This source code is made available for developers to use as needed, pursuant to the terms and conditions of this license.
Using SessionsSessions are a way to maintain state information for a particular user (browser) across a period of time and/or multiple accesses.There are a number of ways to maintain session data, and a number of tiers on which to maintain it, such as the client, Web, Enterprise Information System (EIS) or Enterprise JavaBeans[tm] (EJB[tm]) component architecture tier. The Java[tm] Blueprints Guidelines, as referenced at the end of this article, evaluates all the possibilities and suggests ways to achieve them. The recommendations are to use the Web tier for applications that are not using Enterprise Beans. This is done by the Web container, such as in an application server or Web server. The HttpSession interface used in the Web tier is located in the javax.servlet.http package obtained in a servlet from the HttpServletRequest, by using the getSession method (either with or without parameters; see the HttpSession API for more information). NOTE: URL rewriting is the ability to use sessions and session information if cookies have been disallowed or are not available on the client. URL rewriting can also be useful when, for example, proxy or firewall servers change or disallow cookies. Cookies are small bits of data stored by the client; for example by a Web browser. Sessions are made possible through the exchange of a token between the client making the request, and the server returning the response. This token is a key/value pair, where the key is "jsessionid", and the value is a unique session ID. If cookies are enabled in the client browser, the Session ID token will be included in the cookie sent with the HTTP request/response. If URL rewriting is used, then the session ID token should be appended to the URL's, including hyperlinks that require access to the session and also the responses from the server. The Web container uses a session manager to handle sessions. It can be configured, as referenced at the end of this document.
ConfigurationThe iPlanet[tm] Web Server configuration file server_root/https-{virtual_server_id}/config/web-apps.xml allows you to configure whether the Web container allows cookies and/or URL rewriting. This can be done for an entire virtual server or per Web application.To change the Web containers used for the entire virtual server you can edit the file as follows: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN" "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd"> <vs> <session-tracking use-cookies="false" use-url-rewriting="true"/> <web-app uri="/SessionServlet" dir="/installs/iplanet/iws6/WWW/SessionServlet"/> </vs> To change the web containers use for a web application you can edit the file as follows: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN" "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd"> <vs> <web-app uri="/SessionServlet" dir="/installs/iplanet/iws6/WWW/SessionServlet"> <session-tracking use-cookies="false" use-url-rewriting="true"/> </web-app> </vs> Following either change you will need to restart the Web server. The web-apps.xml file properties are briefly described in the Web Server's programmer's guide as linked in the References section of this article.
ExampleThe example in SessionServlet.war uses a context root of /SessionServlet to reference the static HTML file. Therefore, if you are deploying the WebARchive(WAR) file using iPlanet Web Server, use the option "-u /SessionServlet" with wdeploy, or set the Application URI to "/SessionServlet" in the Administration Tool.Invoking the servlet using "/SessionServlet/SessionServlet" creates a session if one does not already exist, and redirects using the URL encode method encodeRedirectURL to a static HTML file "/SessionServlet/Final.html". If cookies cannot be used then this example will show the "jsessionid" in the URL, else it will create a cookie in the cookie store. Note: When the servlet creates a cookie the URL is also rewritten. If the cookie exists then the URL rewriting does not take place. ReferencesiPlanet Web Server, Enterprise Edition Programmer's Guide: Chapter 6 Session Managers iPlanet Web Server, Enterprise Edition Programmer's Guide: Chaper 2 Configuration Files Java Blueprints for Enterprise Applications - session state in the web tier Java Blueprints for Enterprise Applications - The EIS tier Java Blueprints for Enterprise Applications - session state in the client tier Java Blueprints for Enterprise Applications - session state in the EJB tier The Java Tutorial - Session Tracking | |||||||||||||||||||||||||||||||||||||||
| | |||||||||||||||||||||||||||||||||||||||
