Multiple Web Apps Sharing Session Cookie

Discussions

Web tier: servlets, JSP, Web frameworks: Multiple Web Apps Sharing Session Cookie

  1. Multiple Web Apps Sharing Session Cookie (9 messages)

    I have multiple web apps running in the same instance of my Weblogic server. It seems that when I get a request to a new Web App a new session is created. i.e. the current session is no longer valid. When I go back to the previous Web App the session for it has disappeared.

    Has anyone had experience with session management between multiple web app on the same server instance. Any help on how to get this to work would be great.

    Barry
  2. Barry,

    Tell me your problem in a nutshell to my emailid: prasathb at yahoo dot com and my name is Prasath Balakrishnan

    Ever since i had a problem with the session not getting passed from my JSP to servlet, I have learnt enough of session management. I think i can give u a solution in session management be it to the most of the problems.

    Prasath
  3. I experienced this same problem with WebSphere. Multiple Web apps within same application server were overwriting each others' sessions. We had session management being performed via cookies (vs. URL rewriting). The session management cookie name is configurable at the Web app level in WebSphere. All started off with the same cookie name. So each Web app writes a cookie with the same name which leads to the overwriting.

    We solved the problem through configuration policy. All Web apps would name their session management cookie based on the application name(a piece of info which can be obtained dynamically from code, so no need to hardcode a cookie name). This change needs to be made through your administrative console, or whatever mechanism is used to configure your server. Your session-checking code should also be changed to look for the cookie name corresponding to the app.

    So instead of AppA and AppB both reading/writing a cookie called "sessionid", AppA reads/writes a cookie called "AppASession" and AppB reads/writes a cookie called "AppBSession" and neither steps on the other!
  4. Do you know how to do this in Weblogic? It seems to me from the documentation that there is no way to name cookies differently for seperate Apps.
  5. I'm not familiar with WebLogic, unfortunately. From looking at some online doc (http://www.weblogic.com/docs51/admindocs/http.html#sessioncookies), you're right, it doesn't look like it allows you to configure cookie names at the Web app level. Maybe you can do something at the domain name level (kind of drastic)? Sorry.
  6. Try setting the session cookie name in your deployment descriptor for your web app.

    <context-param>
      <param-name>weblogic.httpd.session.cookie.name</param-name>
      <param-value>MyWebAppSession</param-value>
    </context-param>

    I don't know of a way to set it dynamically, but this will allow you to statically set session cookie names for each web app.

    From my understanding, you should be able to set any weblogc.* parameter that you can set in the weblogic.properties file in your webapp's web.xml by following the above convention.

    Let me know if this helps.

    Andy
  7. I have the same problem with webapps overwriting each others data. I can't find a field for entering the webapp session cookie name in the admin console (I've also searched the XMl config file without success). Is it an attribute value somewhere?
  8. Which version of WLS are you guys talking about, I have done it in 5.1 sp8, also it can be configured in 6.0.

    Are you using these versions?
  9. I am using WLS 5.1. Can you tell me hoew you were able to share the cookie across web apps?

    thank you.
  10. Has anyone actually solved the problem of sharing a session between web applications in a weblogic 5.1 clustered environment with iPlanet web proxy? If so, what is the answer?
    The problem is:
    I create a session on server 1.
    Kill the server 1 processes.
    send another request to the proxy from the browser passing back the session.
    The proxy looks for the original server, doesn't find it and switches over to server 2.
    Server 2 creates a new session and sets a new cookie instead of using the one it already has.