1

I'm using a load balancer with Tomcat7 and right now our HttpSession object always returns a new session. My guess is that the information that binds the browser to the server isn't being sent to the server.

Is the session mapped by a token set in a cookie client-side? If so, is this sent in the HTTP header with each request? And if so, what does it look like?

Jason
  • 11,310
  • 13
  • 63
  • 115
  • The load balancer should maintain the session ID throughout requests when connecting through the load balancer in a browser. Which LB are you using, how have you configured it, and how are you connecting? – Kon Apr 02 '14 at 16:04
  • Take a look at http://en.wikipedia.org/wiki/Session_ID – Loc Apr 02 '14 at 16:04
  • Its stored in cookie with key `jsessionid`. Read about [Under what conditions is a JSESSIONID created?](http://stackoverflow.com/questions/595872/under-what-conditions-is-a-jsessionid-created) – Braj Apr 02 '14 at 16:06

1 Answers1

2

Every time you connect to the server initially a jsessionid is generated and saved to a cookie on the client side. That jsessionid is what identifies your session on the server. So, HttpSession object is generated on the server side which contains all the details of your particular session until it expires. Yes the jsessionid is sent every time you send a request to the server. The only way this is thwarted is if the browser isn't allowing the saving of cookies. In which case, there are other mechanisms that can still ensure that the jsessionid is retained. That's my understanding of the process anyway. Hope this helps.

Alan
  • 814
  • 1
  • 13
  • 38