Each session is a memory area that persists from one request to another. The following information concentrates on aspects of session support that are specific to Java(TM) applications. For more general information on sessions including how sessions are established in the application logic layer, see How session management works.
Java applications run in a session environment. That is, there must be a session established between the client and server before the client can perform any operation and a session established between the application presentation layer and the application logic layer before the application presentation layer can request a business process. The logon process does this. This process generates a unique session ID that is used to maintain the session in both layers.
The Client/Server Mechanism supports session management using either cookies or the jsessionid attribute. The server saves a reference to the session object that currently manages a session in the session table. The session object is an HttpSession object. If cookies are enabled, session management are done through cookies. If cookies are not enabled, the Client/Server Mechanism passes the HTTPSession ID as the value of the jsessionid attribute in the request URL.
If the application is using cookies, the CSClient stores the cookies in CSConnectionCookies. When the CSClient receives a response, it updates CSConnectionCookies with any new cookies received from the server. The storage policy that CSConnectionCookies uses is incremental so that it stores all cookies received from or sent to servers. This policy means that it cannot lose any cookies. Currently, the CSClient sends all cookies with any client request. Note that CSConnectionCookies does not have a timeout policy implemented to remove old cookies.
The CSServer receives the session request and handles it like any other request. That is, it invokes the appropriate process in the application logic layer. If the request is to establish a session, the CSServer passes the session ID back to the CSClient.
If an error occurs while establishing a session in the application presentation layer, the application re-does the establish session request. However, once a session has been successfully established, the Client/Server Mechanism is responsible for trying to re-establish the session if an error on the connection occurs or if the session times-out due to inactivity. It makes repeated attempts until it succeeds or until the maximum number of reconnect attempts has been reached. At that point, it logs a system event and performs any necessary cleanup.
If problems develop during the closing of the session, the Client/Server Mechanism ensures that the session is closed in the application presentation layer.
The toolkit leverages the WebSphere(R) Application Server to handle session time-outs.