Session management involves passing the session ID, sub-session
ID (if applicable), and session context instance ID from the application presentation
layer to the application logic layer. This enables the application logic layer
to chain the process context to the session context and makes the session
data available to the process. The following steps describe how the presentation
layer supports sessions when the presentation and application logic layers
are running on the WebSphere(R) Business Integration Server Foundation.
If they are not, the work area is not available and the application presentation
layer passes the session ID in the logon process invocation instead.
To avoid complexity, the steps treat the presentation layer, Business Process
Component, and CHA as black boxes and concentrates on the interaction between
them. Note that if the requests are running under a sub-session, the steps
remain the same. The only difference is that the work area or process request
must contain the ID of the session and the sub-session. The steps also assume
that cookies are enabled so that the WebSphere Application Server is performing
session management. See Session management without cookies for information
how sessions can be managed without using cookies.
When a user logs on using the default logon process, the following happens:
- A user enters a URL in a browser. This sends an HTTPRequest through the
CSEstablishSessionServlet.
- The application presentation layer creates an HTTPSession. It might also
start an ActivitySession.
- The application presentation layer displays the logon page.
- The user submits the logon request.
- The application presentation layer starts a work area and stores the session
information in it.
- The application presentation layer launches the logon process in the Business
Process Component and waits for a response.
- In the application logic layer, the Business Process Component retrieves
the session ID from the work area.
- The Business Process Component creates the logon context, and
chains it to the root context.
- The logon business process validates the logon information and
removes the logon context. If the logon information is valid, the logon process
will create the session context and chain it to the root context.
- The logon process returns session context instance ID to the
presentation layer.
- The application presentation layer ends the work area.
After the users logs on, the toolkit handles the user's subsequent
requests in the following way:
- The user sends a request to the application presentation layer.
- The application presentation layer starts a work area and stores
the session information in it.
- The application presentation layer launches the corresponding
business process in the Business Process Component and waits for a response.
- In the application logic layer, the Business Process Component
retrieves the session ID from the work area.
- The business process retrieves the session context and create
the process context. You can then chain this process context to the session
context.
- The Business Process Component runs the process. When the process
flow ends, the Business Process Component creates a response, which includes
the session context instance ID.
- The Business Process Component sends the response to the application
presentation layer.
- The presentation layer update the session entry in session table
if the session context was changed.
- The application presentation layer ends the work area.
When the user submits a logoff request, the application presentation
layer adds the additional steps of sending a cleanup request to the application
logic layer, invalidating the HTTPSession, and, if it is using an ActivitySession,
ending that session. The cleanup request cleans up the session on the application
logic layer. That is, the CHA removes the session context from the CHA hierarchy
and the Business Process Component performs any other additional logic needed
to cleanup the session.