Maintain session across subdomains
Hey all
I am working on a website that utilizes session data. The problem is that session data does not seem to be shared over subdomains. For example, my website
is available at.
http://mysite.com
and
http://www.mysite.com
the DNS points to the exact same place, they are the same website. But if you login on one, your session information isn't available on the other. For now as a workaround I just added a redirect in my application.cfm that says if you arn't on the www version, go to it but that seems rather hackish. Am I missing something? Is there an easy way to say a persons session is valid for the domain and all subdomains?
Not the answer to your question, but SEO best practices say you should pick one or the other (with or
without WWW) and permanently redirect the one you didn't pick to the other at the web server (Apache/IIS) level. Search engines will pentalize you if
you don't because they see http://mysite.com/index.cfm and http://www.mysite.com/index.cfm as two different pages.
Similar Messages
-
MAintain session across multiple DB Adapters.
Hi,
I am using a BPEL process which has multiple DB Adapters.
As far as I understand each DB Adapter call from BPEL is a different session.
Is there any way to maintain a same session across multiple DB Adapter calls i.e to make multiple DB calls in the same session?
thanks,
CDYes this is supported.
You'll have to take a look at the support for XA (distributed transactions).
See this thread for some good links to other info.
Re: DB Rollback Questions for 10.1.3.1 and 10.1.3.3 -
Maintaining session across multiple browser windows and page refreshes
Hi there,
We're currently developing a Flex application with a couple of session-related requirements that we're not sure how to solve. Before we jump in and maybe go about things in the wrong way, I thought I'd post and see if anyone here knows of some elegant solutions!
Currently, when our Flex app starts the user is presented with a log-in screen which authenticates the user against our server. Client-server communication is done through BlazeDS.
Our first requirement is the ability to open a new browser window from Actionscript - this window will load a pdf document. The servlet that serves this pdf should deny the request if the user is not already logged in. The only way we can see to do this so far is to open the pdf url using navigateToUrl() with the '_blank' target, passing a jsessionid token as a url parameter. Is there a better way to preserve session state when opening a new window?
The second requirement is to preserve some application and session across browser refreshes. Our Flex app has several screens that the user can tab between. If the user hits F5 or the refresh button in their browser, we'd like the app to return to the same screen after the refresh. I've been looking into using BrowserManager to add a fragment such as #screen=2 to the url, but of course we only want the app to display screen 2 if the user has already authenticated with the server. Is there a way to reuse the user's existing session credentials after a page refresh?
Many thanks in advance for any advice anyone can offer on this. It could very well be that we're missing something about how BlazeDS uses / exposes session credentials that would make all of this easier to implement than we currently realise!We use javascript to pass values between a 'data look up' window and the originating Servlet. If this is of any use, I can send you some examples.
-
Maintaining session across multiple browsers
Hello All,
We have an application that runs using Apache Struts. One of the requirements is to pop-up a "data look up" window, i.e. a new browser window. The problem is, when I start this window any communication between this new window and server happens on a brand new session. I would like to maintain the same session as the parent window. Any ideas?We use javascript to pass values between a 'data look up' window and the originating Servlet. If this is of any use, I can send you some examples.
-
Maintaining Transactions Across JSP Pages
Hi,
I have a multi page Registration (3 steps). On each step data submitted is taken
to the database via an EJB component (Session Bean). How do I maintain a transaction
across these JSP pages (i.e. either in the EJB or in the jsp) so that the data
in the database is consistent? So if there is a problem in the 3rd step the data
submitted in the first two steps should be rolled back.
Can I use a statefull session beans, which will maintain a database connection
created during the first step, so that I can use the same connection for steps
2 & 3. In the first step after getting the database connection I will begin a
transaction and insert the first part of the data, then this connection will be
maintained by the statefull session and used for steps 2 & 3. At the end I will
commit the transaction. Will this work?
How do I maintain transaction across multiple pages? Is there is any standards
for this scenario where the transaction is maintained across multiple pages. I
cannot carry data across the jsp pages because of the complex data collected.
Any help appreciated.
Regards
-MohanRajYou can not and should not do it the way that you are proposing. Keeping a transaction
open across any interaction with the user is a big mistake. Transactions are scarce
resources. They need to be short. You will need to collect the data from the three
pages in the servlet itself. You can use the HTTPSession, or hidden fields in
the forms. Only after all of the data is collected should you begin a transaction
and update the database. Alternatively, you could store the partial data in a
temporary database table, and move it to a permanent table when all of the data
has been provided. -
Maintaining Transaction Across Multiple JSP Pages
Hi,
I have a multi page Registration (3 steps). On each step data submited is taken
to the database via an EJB component (Session Bean). How do I maintain a transaction
across these JSP pages so that the data in the database is consistent. If a there
is a problem in the 3rd step the data submitted in the first two steps should
be rolled back.
How do I maintain transaction across multiple pages.
Regards
-MohanRaj
It will take from several minutes to a long time for a user to complete a multiple page registration process. Do you really have enough database connections that each concurrent user can hold on to one?
Usually you cannot open more than 50-200 connections to a database at any given time.
Remember that some users will abandon the registration process. Can you afford that their sessions holds a db conenction until the session times out?
Consider changing your datamodel so you can run and commit a transaction at the end of processing the form data from a page. Immediately after the commit give the db connection back to the pool inside the app. server.
It can be as simple as having a column in the database of type enum, with a set of values that shows how far in the registration process the registration has procesed.
BTW. if you absolutely have to hold on to the db connection, you can stuff it into a session scoped attribute and it will be available on all pages. -
Cisco ace Load balancer not maintaining session persistence
Hi All,
We have observed from the IIS logs on the internal webservers that loadbalancer is not maintaining session persistence for two specific request for the internal servers.
https://123.xyz.com/Webresource.axd
https://123.xyz.com/ScriptResource.axd
Error
Webresource.axd : 500
Scriptresource.axd: 404
Session persistence is maintained for all other requests hitting loadbalancer.
Issue is observerd on hits for these two specified components. WebResource.axd and ScriptResource.axd are Http Handlers used by ASP.NET and Ajax to add client-side scripting to the outgoing web page.
For e.g /WebResource.axd d=t2GXfySdqWmJ-lZSI0KVbw2&t=634868473645172160 is valid for server 1 and return 200 response but the same request is seen on few other servers where the response is 404 even though load balancer cookie is same. This means that if the request for the both the axd contains a valid decrypter and it connects to the right server then the response seen is 200.
The url passed by the user contains d and t parameters when are unique for each user session.
Solution tried:
Accessed website via another VIP without http redirect rule but could not see difference.
Tried to match machine key across all servers : Failed . Could see the ‘d’ value different for each server.
Load balancer VIP :
x.x.x.x
redirect: http > https
SSL Offload : ON
Poool:
WEB1
WEB2
WEB3
WEB4
WEB5
All servers listening on port 80
sticky config:
sticky ihttp-cookie cookie1 vip-1.1.1.1-80-stickyfarm
cookie insert browser-expire
replicate sticky
serverfarm vip-1.1.1.1_80
sticky http-cookie cookie1 vip-farm:1.1.1.1:443
cookie insert browser-expire
replicate sticky
serverfarm farm:1.1.1.1:443
Has anyone else come across similar issue?
Can you plese check if there is any config on cisco ace that will ensure that session persistence is maintained for these 2 requests.
Thank you for all the help.
regards,
SangramHello Sangram,
We would need simultanous packet traces before and after the ACE to get to the root cause of this issue so I would recommend that you open a cisco tac case for more in depth troubleshooing of this issue.
Joel Lamousnery
CCIE R&S - 36768
Engineer, Customer Support
Technical Services -
How to share a session across applications?
Hi
I am developing a web application. There will be two web applications (including mine) running in one servlet container. The user can navigate from one application to other and vice versa. We need to know how can we share a session across these applications. Any inputs in this regard will be helpful!You may be interested (& probably discouraged at the end) in this discussion http://forum.java.sun.com/thread.jspa?threadID=619170
cheers,
ram. -
Hello,
Does anyone know how to maintain session and application variables through server restarts? I want to be able to shutdown and startup my Tomcat server without having the users lose their session and application variables (and consequently, their data and login state).
Any ideas?
Thanks!
-DavidI dont think its possbile since stopping and restarting gets new sessions. Only way that I would know would be to use cookies.
But then again i dont like the idea of saving passwords in cookies -
Hi,
I am having trouble in maintaining session in jsp frames. -
Here is sample code
parent.jsp
<HTML>
<HEAD>
<LINK rel=stylesheet type="text/css" href="defaults.css">
<TITLE>abc</TITLE>
<%
String checkAmount = "100.00";
session.setAttribute("checkAmount", checkAmount);
System.out.println("checkAmount in ppmain"+session.getAttribute("checkAmount"));
%>
<FRAMESET rows="235,*" frameborder="no" >
<FRAME NAME="pptop" SRC="top.jsp" frameborder=0 scrolling=no noresize >
<FRAME NAME="ppbottom" SRC="bottom.jsp" frameborder=0 scrolling=no marginwidth=0 marginheight=0 noresize>
</FRAMESET>
</HTML>
top.jsp -
<HTML>
<HEAD>
<LINK rel=stylesheet type="text/css" href="defaults.css">
<TITLE>top</TITLE>
<%
System.out.println("session in top "+session);
System.out.println("checkAmount in top "+session.getAttribute("checkAmount"));
%>
</HTML>
It is not able to retain session in the top.jsp ( in SOP for session I get different session ID in parent.jsp and top.jsp
This Works well in local but when gets deployed to WAS6 server troubles starts.
Any help is appreciated.
ThanksWhen you create URLs, you might want to try using JSTL to rewrite them:
<FRAME NAME="pptop"
SRC="<c:url value='top.jsp'/>"
frameborder=0
scrolling=no
noresize >
<FRAME NAME="ppbottom"
SRC="<c:url value='bottom.jsp'/>"
frameborder=0
scrolling=no
marginwidth=0
marginheight=0
noresize>Or you can use:
SRC='<%= response.encodeURL("top.jsp") %>' -
Regarding maintaining session in flex
Hello,
I am developing a flex application which is using jsp for database connectivity. I am using HTTP request for connecting to jsp page and passing and retrieving parameters. Now I wanted to ask how can I maintain session in flex so that I can know which client has logged into the system and on the basis of that can assign privileges to the client. Is it possible in flex and how?Reply needed urgently.
Thanks in advance.Hi a.bhavika,
There is not specifically any session management in Flex as it runs everything on the client side if at all you want to mainatain you can maintain it on the server side. ...and I think for your case I dont think you need any session managemenet as at the time of login only you can identify which user has logged in to the syetem and based on the user logged in you can load all the previleges of that particular user in the Flex application.
Check out the links below for your understanding...
http://www.forta.com/blog/index.cfm/2006/9/24/flex-and-session-state-management
http://www.assembla.com/wiki/show/romoz/Session_Management_in_Flex
Thanks,
Bhasker -
Maintain session in Multiple soap calls
Hi Experts,
We have an requirement which runs 2 synchronous calls.
1st synchronous cal is for validating user credentials and
2nd synchronous call (for successful log in) for uploading data in R/3 system.
The main task is to maintain session(ex: time 15 mins) .
1st synchronous call looks like Mobile Application (soap sender)<--->PI<----->(Soap receiver)Active Directory.
2nd synchronous call looks like Mobile Application (Soap sender)<--->PI<----->(Proxy)R/3 system.
can you pls let me know how can I achieve this requirement and
how to maintain session ID, session (is it in PI or in third party) and from where to maintain session.
Thanks in Adv..I am calling multiple web service apis from my bpel process on the same link. The Web services are written such that I always have to call a "login" api first which creates a context that's maintained throughout the session. Thus subsequent ws calls have to be made in the same session because all the other web service apis require the context to be present.
You can think of this as a stateful SessionBean (sort of).
The question is does bpel support this? -
Maintaining Sessions through Multiple Servlets and Contexts
Hi,
I have a webapplication that works like this:
* User connects to a login servlet on HTTPS
* Users information is authenticated on HTTPS
* An object is stored in the session for other servlets to validate the users access
* Authenticated users are forwarded to an HTTP page where the session is used to make sure they were granted access
My problem is this....Since I create the session in an HTTPS context, when I am in the HTTP context, I am unable to access the session and constantly get NULL. Is there any way that I can access the session from an HTTP context?What you can do is, just login using HTTPS and switch over to HTTP
and then store data in session.That is true, but what I want in the session is basically a flag on whether or not the user was granted access. I would much rather set all that up on the secure line, and then just access it from the unsecure ones...
For example, you are creating session using the
http://testdev:port/index.jsp page.
If access the same page(with hostname)
http://10.300.20.18:8080/index.jsp, you can't get the session even
though both are same web server and same web application. Because the
browser treats it different sessionI think if you use my above solution with the explicit passing of the jsessionid, you can move from one domain to another and still maintain session. Not positive on that though... -
Sessions across Web Applications (WARs)
I've heard that you can't share session information (http session) across web applications or war files in the j2ee framework. However, I haven't seen any proof of this? I'm struggling to find information telling that I can't do this. Can someone elaborate a bit?
Thanks.Hi !
It is TOTALLY WRONG that someone wrote here that a
separate JVM is started for each web-app! No way. Run
any appserver and do a 'ps -ef|grep java' and I bet
you will see only one forever :-). Correct
Steve, it is the classloader hierarchy in all
appservers that prevents you from sharing sessions (i
would say classes loaded by various web-apps). There
is something called a web-app / WAR classloader, which
is 4th in the hierarchy of JVm classloader hierarchy.
Since all your web-app loaded classes are loaded by
this classloader and since each web-app has a "peer"
classloader at same level for its own web-app, you
will never be able to share across web-apps. Incorrect, just because you can have separate classloaders for separate web applications does not mean that those web applications cannot share instances.
It is also possible to have classes which are globally available to ALL web applications which are loaded as part of the servlet container. Tomcat versions 4+ have a common area where classes can be made available. These classes are not loaded within the Web Application classloader at all.
Not only that but it is possible to configure web application contexts such that they can also share things like sessions. This feature is definitely part of the Apache Tomcat release and as this is taken by Sun to be the Reference Implementation of the Servlet Container I would assume that is also part of the J2EE Standard as well.
YOu can always use the DB stuff that other genltmen
has already suggested. -
Hi,
I want to maintain session expire time in portal for my iViews both Porta components and Web Dynpro. Where can I set this value.
Please let me know
Thanks
Bobby MHi,
I'm sorry. Messed it up Go through Web Dynpro application needs to never expire..
Regards,
Satyajit.
Message was edited by:
Satyajit Chakraborty
Maybe you are looking for
-
Oracle 8i Installation Problem on w2000
Hi, I am trying to install Oracle 8i(8.1.7) downloaded from the OTN on a w2000 Pro computer. When I click on the install/Desisntall button, nothing happens and the installation windows is closed. Could someone helps me to resolve it ? Thanks. Yota
-
Is there any add-on, app or way of adding a photo flip book to iWeb. I've seen these and some look great but my web search only brought up PC versions. I thought this would be a great way to present our portfolio to prospective clients.If that's not
-
OBIEE Marketing Module 10g vs 11g
Hi all, I was wondering if you guys could help me. I've seen a lot of comparisons between both OBIEE 10g and 11g. However, what I'm trying to find are the differences between their Marketing modules, could anyone help me on that? Regards, Gonçalo
-
PR05 access Travel Manager and Expense Report screen
Hi, Can anyboy suggest how to use T Code PR05? 1. When I enter T Code PR05, first screen is for Travel Expense Manager. This screen is used by Manager to Approve or Reject Travel Expense Report. Then I have to click on create button to get into Trave
-
Why is apple tv streaming really bad?
I rented " man on ledge 23 days ago. It took many days just to get it play. The streaming was the worst. I checked my wifi connection and signal which were good. Terrible service.