Scenarios to Avoid When Using Sessions Use Serializable Attribute Values
10.6.11.1 Scenarios to Avoid When Using Sessions
Do not use session persistence for storing long-term data between sessions. In other words, do not rely on a session still being active when a client returns to a site at some later date. Instead, your application should record long-term or important information in a database. Sessions are not a convenience wrapper around cookies. Do not attempt to store long-term or limited-term client data in a session. Instead, your application should create and set its own cookies on the browser. Examples include an auto-login feature that allows a cookie to live for a long period, or an auto-logout feature that allows a cookie to expire after a short period of time. Here, you should not attempt to use HTTP sessions. Instead, you should write your own application-specific logic.10.6.11.2 Use Serializable Attribute Values
When you use persistent sessions, all attribute value objects that you add to the session must implement java.io.Serializable. If you add your own serializable classes to a persistent session, make sure that each instance variable of your class is also serializable. Otherwise, you can declare it as transient, and WebLogic Server does not attempt to save that variable to persistent storage. One common example of an instance variable that must be made transient is the HttpSession object. See the notes on using serialized objects in sessions in the section Section 10.6.11, Making Sessions Persistent . The HttpServletRequest, ServletContext, and HttpSession attributes will be serialized when a WebLogic Server instance detects a change in the Web application classloader. The classloader changes when a Web application is redeployed, when there is a dynamic change in a servlet, or when there is a cross Web application forward or include. To avoid having the attribute serialized, during a dynamic change in a servlet, turn off servlet-reload-check-secs in weblogic.xml. There is no way to avoid serialization of attributes for cross Web application dispatch or redeployment. See Section B.13.6, servlet-reload-check-secs .10.6.11.3 Configuring Session Persistence
Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope and Audience Guide To This Document
» Servlets and Java EE What You Can Do with Servlets
» JSPs and Java EE What You Can Do with JSPs Overview of How JSP Requests Are Handled
» Related Documentation New and Changed Features In This Release Web Application Security
» Avoiding Session Fixation Attacks in Programmatic Login Avoiding Redirection Attacks
» Step One: Create the Enterprise Application Wrapper Step Two: Create the Web Application
» Servlet Mapping Configuring Servlets
» Setting Up a Default Servlet Servlet Initialization Attributes
» Writing a Simple HTTP Servlet
» Advanced Features Complete HelloWorldServlet Example
» Usage Tracking a Request Handle Footprint
» WebLogic JSP and Java EE Configuring Java Server Pages JSPs Registering a JSP as a Servlet
» Configuring JSP Tag Libraries Configuring Welcome Files
» Customizing HTTP Error Responses Determining the Encoding of an HTTP Request
» JavaServer Faces JSF JavaServer Pages Standard Tag Libraries JSTL
» Referencing External EJBs More about the ejb-ref Elements
» Referencing Application-Scoped EJBs Oracle Fusion Middleware Online Documentation Library
» Configuring WebLogic Server to Use CGI
» Web Component Classes That Support Annotations
» Initializing a Servlet when WebLogic Server Starts Overriding the init Method
» Serving Resources from the CLASSPATH with the ClasspathServlet Providing an HTTP Response
» Methods for Using the HTTP Request Example: Retrieving Input by Using Query Parameters
» Setting Cookies in an HTTP Servlet Retrieving Cookies in an HTTP Servlet
» Forwarding a Request Including a Request
» Setting Up a Proxy to a Secondary Web Server
» Sample Deployment Descriptor for the Proxy Servlet
» Using WebLogic Services from an HTTP Servlet Threading Issues in HTTP Servlets Clustering Servlets
» Referencing a Servlet in a Web Application URL Pattern Matching
» doRequest doResponse doTimeOut Abstract Asynchronous Servlet
» Future Response Servlet A Future Response Model for HTTP Servlets
» HTTP Session Properties Session Timeout Configuring WebLogic Server Session Cookies
» Configuring Application Cookies That Outlive a Session Logging Out
» Configuring JDBC-based Persistent Storage
» Caching and Database Updates for JDBC Session Persistence Using Cookie-Based Session Persistence
» Coding Guidelines for URL Rewriting URL Rewriting and Wireless Access Protocol WAP
» A History of Session Tracking Tracking a Session with an HttpSession Object
» Lifetime of a Session How Session Tracking Works
» Detecting the Start of a Session Setting and Getting Session NameValue Attributes
» Configuring Session Tracking Using URL Rewriting Instead of Cookies
» Scenarios to Avoid When Using Sessions Use Serializable Attribute Values
» How the Pub-Sub Server Works
» Channels Message Delivery and Order of Delivery Guarantee
» Creating the weblogic-pubsub.xml File
» Overview of the Main API Classes and Interfaces
» Getting a Pub-Sub Server Instance and Creating a Local Client Publishing Messages to a Channel
» Programming the Message Filter Class Configuring the Message Filter Chain
» Updating a Browser Client to Communicate with the Pub-Sub Server
» Overriding the Default Servlet Mapping of the pubsub Java EE Library
» Specify Access to Channel Operations Restricting Access to All Channel Operations
» Map Roles to Principals Configure SSL for Pub-Sub Communication
» Use AuthCookieEnabled to Access Resources Locking Down the Pub-Sub Server
» Configuring JMS as a Handler
» Configuring Persistent Channels Advanced Topic: Persisting Messages to Physical Storage
» Declarations Scriptlets Oracle Fusion Middleware Online Documentation Library
» Expressions Example of a JSP with HTML and Embedded Java
» Instantiating the JavaBean Object Doing Setup Work at JavaBean Instantiation
» Forwarding Requests Including Requests
» Expressions and Attribute Values
» JSP Expression Language Implicit Objects
» Literals Errors, Warnings, Default Values Operators Operator Precedence
» JSP Compiler Syntax JSP Compiler Options
» Using the JSPClassServlet Precompiling JSPs
» Configuring a Filter Configuring Filters
» Writing a Filter Class Filtering the Servlet Response Object Additional Resources
» Overview of WebLogic JSP Form Validation Tags Using WebLogic JSP Form Validation Tags in a JSP
» Sample JSP with Validator Tags
» Refreshing a Cache Flushing a Cache
» Repeat Tag Overview of the WebLogic EJB-to-JSP Integration Tool
» Basic Operation Interface Source Files
» Build Options Panel Troubleshooting
Show more