10 Using Sessions and Session Persistence 10-1 10 Using Sessions and Session Persistence The following sections describe how to set up and use sessions and session persistence: ■ Section 10.1, Overview of HTTP Sessions ■ Section 10.2, Setting Up Session Management ■ Section 10.3, Configuring Session Persistence ■ Section 10.4, Using a Database for Persistent Storage JDBC Persistence ■ Section 10.5, Using URL Rewriting Instead of Cookies ■ Section 10.6, Session Tracking from a Servlet

10.1 Overview of HTTP Sessions

Session tracking enables you to track a users progress over multiple servlets or HTML pages, which, by nature, are stateless. A session is defined as a series of related browser requests that come from the same client during a certain time period. Session tracking ties together a series of browser requests—think of these requests as pages—that may have some meaning as a whole, such as a shopping cart application.

10.2 Setting Up Session Management

WebLogic Server is set up to handle session tracking by default. You need not set any of these properties to use session tracking. However, configuring how WebLogic Server manages sessions is a key part of tuning your application for best performance. When you set up session management, you determine factors such as: ■ How many users you expect to hit the servlet ■ How long each session lasts ■ How much data you expect to store for each user ■ Heap size allocated to the WebLogic Server instance You can also store data permanently from an HTTP session. See Section 10.3, Configuring Session Persistence .

10.2.1 HTTP Session Properties

You configure WebLogic Server session tracking by defining properties in the WebLogic-specific deployment descriptor, weblogic.xml. For a complete list of session attributes, see Section B.10, session-descriptor . 10-2 Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server In a previous WebLogic Server release, a change was introduced to the SessionID format that caused some load balancers to lose the ability to retain session stickiness. A server startup flag, -Dweblogic.servlet.useExtendedSessionFormat=true, retains the information that the load-balancing application needs for session stickiness. The extended session ID format will be part of the URL if URL rewriting is activated, and the startup flag is set to true.

10.2.2 Session Timeout

You can specify an interval of time after which HTTP sessions expire. When a session expires, all data stored in the session is discarded. You can set the interval in either web.xml or weblogic.xml: ■ Set the timeout-secs parameter value in the session-descriptor element of the WebLogic-specific deployment descriptor, weblogic.xml. This value is set in seconds. For more information, see Section B.10, session-descriptor . ■ Set the session-timeout element in the J2EE standard Web application deployment descriptor, web.xml.

10.2.3 Configuring WebLogic Server Session Cookies

WebLogic Server uses cookies for session management when cookies are supported by the client browser. The cookies that WebLogic Server uses to track sessions are set as transient by default and do not outlive the session. When a user quits the browser, the cookies are lost and the session ends. This behavior is in the spirit of session usage and it is recommended that you use sessions in this way. You can configure session-tracking parameters of cookies in the WebLogic-specific deployment descriptor, weblogic.xml. A complete list of session and cookie-related parameters is available in Section B.10, session-descriptor .

10.2.4 Configuring Application Cookies That Outlive a Session