Skip navigation
Currently Being Moderated

Session Management on BlazeDS

Jun 14, 2009 12:39 PM

Hi everybody

I have got a problem about session management on blazeds.

First of all I read all the stuff about HttpSession and HttpClient on BlazeDs guide.

However I can not still figure out what is going wrong about my project.

I am using Flex Session

 

FlexSession session = FlexContext.getFlexSession();

 

After creating session Whenever I close my browser (Chrome, IE , Firefox). The session automatically expires.

And then when ever I reopen my browser I get another Session ID

 

FlexSession created: C84C55BDD97BE6B1252AE752D6901C27

 

I can log this new Session id from SessionListener.

 

Awkwardly this happens when I close whole tabs (The browser program at all). In contrast When I open a few tab and then close one of them, because of my setting on serverside Session does not expires as expected.

 

Could you help me why I couldnt get the same session after reopen browser.

 

By the way I also couldn't get below log when closing browser

 

FlexSession expired: C84C55BDD97BE6B1252AE752D6901C27

 

I didnt change any js code in the html page.

 

Thank you very much

 
Replies
  • Currently Being Moderated
    Jun 15, 2009 4:35 AM   in reply to onuratamer

    Hi. J2EE sessions are created on the server. When the server gets a request from the client it checks the request for a session identifier. The session identifier or session ID is usually sent as a cookie header or as a parameter on the request URL. If the request doesn't have a session identifier the server creates a new session and then sends the session ID for the new session with the response. It's the responsibility of the client/browser when it gets the response to retrieve the session identifier and then send it with all requests that are made to the server in the future. This is how the session is maintained between the client and the server.

     

    Sessions are not usually persisted by the browser meaning that when the browser is closed, the session identifier is not stored. The next time you launch the browser and make a request back to the server where you had a session, no session ID will be sent with the request so the server will create a new session for you. Browsers all behave a little differently so it would be good for you to understand how your browser manages sessions. With Firefox, for example, I believe that multiple browser windows share the same session and it's not until the last browser window is closed that the session is lost. Tabs within the same browser window also share the same session. Internet Explorer behaves differently depending on how the browser was launched. Browser windows that were launched from the same process (using CTRL-N from within IE for example) share the same session but when browser windows are launched from different processes (launching IE from the Windows start menu for example) each window will have its own session.

     

    When the browser gets closed on the client the session identifier is lost but the server doesn't know that a client with that session indefier is not coming back so it keeps the session on the server for awhile. The session timeout is configurable on the server and will differ depending on the type of application. With an application where security is important the session timeout might be just a couple of minutes which will force users to login to the application again if they have been inactive for a short amount of time. For applications where security is less of a concern, the session timeout could be 30 minutes or more. This allows clients to leave the application idle for awhile and then come back and continue to use the application without logging in again.

     

    Everything you've described seems consistent with how J2EE sessions work. The inconsistencies with how the session is maintained on the client (whether browser window is closed, tab is closed etc.) has to do with how browser vendors have implemented this functionality and is out of our control. Some browsers (I know Firefox does, IE 8 may as well) have an option to restore the last active session when the browser is launched so that might be your best bet if you don't want the session to go away when the browser is closed. You also would need to consider the session timeout on the server however. Even if the browser stored the session ID and resent it to the server the next time it was launched (how I imagine that functionality would work) the server would still need to have that session around (not have expired it) or the session data on the server would have been lost. The reason you don't get a FlexSession expired message when the browser is closed is that session hasn't expired on the server. When the session expires on the server you will see that message.

     

    Hope that helps.

     

    -Alex     

     
    |
    Mark as:
  • Currently Being Moderated
    Apr 7, 2010 10:05 PM   in reply to onuratamer

    Is there any way to have only one flex client per flex session?

     

    Thanks,

     
    |
    Mark as:
  • Currently Being Moderated
    Aug 4, 2010 10:17 AM   in reply to milan.jagatiya

    Not sure will this help you or not

     

    Did you tried playing with remote-config.xml. In this xml file you can maintain your application session by adjusting the scope tag.

     

    Ex

    <scope>application</scope>

    <scope>session</scope>


        <destination id="remoteUpload">
            <properties>
                <source>test.Main</source>
            <scope>application</scope>
            </properties>
        </destination>

     

     

    Nazeer

     
    |
    Mark as:

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points