Thursday, November 29, 2012

Session sharing issue with JBOSS application server

Problem statement -
Session sharing between web applications is not happening. Each web application (war) gets a separate session id and cookie. For each JBoss session, unique ATG session-scoped components (e.g. Order and Profile) are getting created instead of being shared by all web applications.

Environment details where this issue is reproduced
Application server - JBoss EAP 4.3.0 CP10
ATG - ATG 9.4
Java version - JDK_1_6_0_27

Explanation of above problem with example -
sample_application.ear has 2 wars
    common.war with "/" context
    pharmacy.war with "/pharmacy" context
Instead of having one JSESSIONID, 2 JSESSIONIDs are getting created,
and session objects like "profile" and "order" are not getting shared between these modules.

Here is the snapshot of 2 separate session id's created for each module



Here is the snapshot of these jsession id's in GenericSessionManager in Nucleus component browser.
http://localhost:8080/dyn/admin/nucleus/atg/dynamo/servlet/sessiontracking/GenericSessionManager/ 



Expected behavior - A single instance of a session scoped component should be available to all web applications participating in session sharing. Each web application should use the same session id.

This issue exists even though parentContextName is defined in web.xml in each module.
In general, if parentContextName is defined, ATG should maintain session sharing between wars.
<context-param>
  <param-name>atg.session.parentContextName</param-name>
  <param-value>/dyn</param-value>
</context-param>
<context-param>
  <param-name>atg.dafear.bootstrapContextName</param-name>
  <param-value>/dyn</param-value>
</context-param>

Reason
There are 2 issues related to this -
1) Issue in JBOSS - Separate JSESSIONID is being created for each domain.
https://issues.jboss.org/browse/JBWEB-107
" Currently the JSESSIONID cookie domain is set to the domain name of the Host that emits the cookie (e.g. www.domain.com). This is an issue with customers using Aliases (e.g. secure.domain.com, zzz.domain.com, etc.), as the session is lost when switching between the main domain and any aliases. In these cases, it would be useful to be able to specify the domain to be "domain.com" so the same JSESSIONID cookie is used across the aliases and converges to the same session."

Fix is already mentioned in https://issues.jboss.org/browse/JBWEB-107
i) Briefly - Deploy customvalve.jar in \jboss-eap-4.3\jboss-as\server\<servername>\deploy\jboss-web.deployer\
ii) And in jboss-eap-4.3/jboss-as/server/<servername>/deploy/jboss-web.deployer/server.xml, set the cookie domain to ".<your_domain>.com"
   <Valve className="com.redhat.jboss.support.ConfigureSessionCookieValve" cookieSecure="false" cookieDomain=".<your_domain>.com" />

2) If emptySessionPath attribute in server.xml is false, then each web application will have its own jsessionid cookie.
 http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
"The issue is generally caused by the Tomcat/JBoss setting of the emptySessionPath attribute. This attribute defaults to true which allows all web applications to use the same jsessionid cookie (with cookie path of /). If this is set to false, each web application will receive its own jsessionid cookie (with a cookie path set to the context root of the web application)."

To fix this
Open the jboss-eap-4.3/jboss-as/server/<servername>/deploy/jboss-web.deployer/server.xml file and check the emptySessionPath setting. A setting of true ensures that the jsessionid cookie has a cookie path of / and that all web applications use the same session id value.

Example -
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
        maxThreads="150" scheme="https" secure="true"
        emptySessionPath="true"
        clientAuth="false"
        strategy="ms"
        address="${jboss.bind.address}"
        keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
        keystorePass="tc-ssl"
        truststoreFile="${jboss.server.home.dir}/conf/server.keystore"
        truststorePass="tc-ssl"
        sslProtocol="TLS"/>     

Note: Information related to "emptySessionPath" setting is provided by Oracle ATG Support.
After applying the above 2 settings, this issue is resolved.
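
The effect of the two settings on which JSESSIONID cookie the browser returns to each war, as an added example that is not part of the original post or of JBoss/ATG. It applies the RFC 6265 domain and path matching rules; the host names (www.example.com, secure.example.com), the cookie values and the function names are constructed for illustration.

```python
# Added example (constructed data): which JSESSIONID cookies a browser returns
# to each web application, following RFC 6265 domain- and path-matching.
from urllib.parse import urlsplit

def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie header received from origin_host."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    a = {k.strip().lower(): v.strip() for k, _, v in (x.partition("=") for x in attrs)}
    domain = a.get("domain", "").lstrip(".").lower()
    # No Domain attribute means a host-only cookie. Path defaults to "/" here
    # as a simplification; the sample headers below all carry an explicit Path.
    return {"name": name, "value": value, "domain": domain or origin_host.lower(),
            "host_only": not domain, "path": a.get("path") or "/"}

def domain_match(host, c):
    host = host.lower()
    if c["host_only"]:
        return host == c["domain"]
    return host == c["domain"] or host.endswith("." + c["domain"])

def path_match(req_path, cookie_path):
    if req_path == cookie_path:
        return True
    if req_path.startswith(cookie_path):
        return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"
    return False

def sessions_sent(url, jar):
    """Sorted JSESSIONID values the browser would attach to a request for url."""
    u = urlsplit(url)
    return sorted(c["value"] for c in jar if c["name"] == "JSESSIONID"
                  and domain_match(u.hostname, c) and path_match(u.path or "/", c["path"]))

HOST = "www.example.com"  # assumed host name
# Before: emptySessionPath="false", no cookieDomain -> one cookie per context.
BEFORE = [parse_set_cookie("JSESSIONID=AAA; Path=/", HOST),
          parse_set_cookie("JSESSIONID=BBB; Path=/pharmacy", HOST)]
# After: emptySessionPath="true" and cookieDomain=".example.com".
AFTER = [parse_set_cookie("JSESSIONID=CCC; Path=/; Domain=.example.com", HOST)]

if __name__ == "__main__":
    for label, jar in (("before", BEFORE), ("after", AFTER)):
        for url in ("http://www.example.com/index.jsp",
                    "http://www.example.com/pharmacy/cart.jsp",
                    "http://secure.example.com/pharmacy/cart.jsp"):
            print(label, url, sessions_sent(url, jar))
```

In the "after" case the same cookie is returned to every host under the configured domain, so cookieDomain should be no broader than the set of hosts that actually need to share the session.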

Hope this helps!!