IBM WebSphere Session Management
The HTTP session API is an essential component in constructing interactive web sites. The session API of the Java Servlet specification provides a mechanism for associating a series of requests with a specific browser or user. This is required because the Hypertext Transfer Protocol (HTTP) employed for web browser to web server requests is a stateless protocol. As a result, a web server has no means of associating a series of requests with a specific browser or user. This chapter will expand on the coverage of HTTP session from Chapter 4, "Build and Deploy Procedures," by providing a brief overview of HTTP session and will then discuss the WebSphere Application Server (WAS) session management implementation, as well as the specifics of configuring the various session management options that exist in WAS.
Introduction to HTTP Session
It's almost impossible to visit any interactive web site today that does not make use of the HTTP session API. By providing multiple options for tracking a series of requests and associating those requests with a specific user, HTTP session allows applications to appear dynamic to application users. The most often cited example of HTTP session is the creation of a "shopping cart" for shoppers on a web site. In this example, information associating the user and their prior navigation through the web site and their selections are stored as objects in HTTP session. Once the users are ready to check out from the web site and purchase their selections, the application typically constructs a page composed of all the selected items stored in the "shopping cart." By maintaining application state between browser requests, HTTP session overcomes the default stateless behavior for HTTP requests.
The HTTP session API component of the Java Servlet specification provides a mechanism for web applications to maintain a user's state information, and this mechanism addresses some of the problems with other options for maintaining state, such as those based solely on cookies. This mechanism, known as a session, allows a web-application developer to maintain user state information on the server, while passing minimal information back to the user to track the session via one of three options: cookies, URL encoding, and SSL sessions.