httprequest - SRTServletRequest getSession(true) returns HttpSession with same sessionId -
i facing issue httprequest.getsession(true) - when called multiple times after invalidating session - returning session object new hashcode same session id.
set details -
jdk8 websphere9.0 application: 2 wars: 1 jsp servlet based app, second 1 angular2 spring based app requirement: between 2 wars deployed inside same bla ear, need share session, using ibmapplicationsession attribute , set calls - place httpsession being used
if working on pages part of jsp servlet jar app - below code able create new session different session id
1.httpsession session = request.getsession(false); //few other lines 2.session.invalidate(); //few other lines 3.session = request.getsession(true);
i.e. session @ end has different session id session invalidated
however if go war has angular2 , spring based application - create instance of ibmapplicationsession store attributes (get , set attributes call) -- , come war has jsp based application - same lines of code giving totally different , strange behavior - third line giving different session object 1 on line#1 (hash code different) sessionid remains same on object
application dealing session based on sessionid - since sessionid remains same creating major trouble us.
can please me know how come session being created same id when calling request.getsession(true). noted request implementation srtservletrequest part of websphere plugin com.ibm.ws.webcontainer jar
thanks in advance suggestions
after bit of research found below text - helps me explain nature of ibmapplicationsession
the benefit using ibmapplicationsession method each web module can maintain own session , have reference shared session. in other words, multiple requests clients, each specifying unique web application, result in multiple sessions shared session id. can invalidate of sessions share session id without affecting other sessions. if web application has session id in use, new requests clients reuse session id. after sessions session id invalidated, , if no web application using session id, new requests client not reuse session id.
in case session still active (and need keep active) in 1 application while going second application , vice versa. whenever trying create new session, sessionid remains same
Comments
Post a Comment