Hitachi

uCosminexus Application Server Expansion Guide

6.4.2 Processing when executing a request

This subsection describes creating, updating, and deleting a global session when executing a request, and inheriting a global session.

If processing is executed in a Web application, processing for global session information occurs as an extension to the processing. The following table describes examples of processing executed in Web applications, processing executed for global session information at the time of executing requests corresponding to the example, and reference locations.

Table 6‒12: Examples of processing in Web applications and mapping of processing executed for global session information

Sr. No.

Example of processing executed in Web applications

Processing executed for global session information

Reference location

1

Login

Creating global session information

(1)

2

Executing work (page transition/update)

Updating global session information

(2)

3

Logout

Deleting global session information

(3)

4

Logout due to timeout

Deleting global session information due to expiry of validity

6.4.3

5

Executing work after inheriting a global session on another J2EE server

(when a failure occurs on a J2EE server)

Inheriting session information that uses global session information

(4)

For processing results when a failure occurs during global session information operation, see 6.4.6 Operations performed when a failure occurs during global session information operation.

Organization of this subsection

(1) Creating global session information

When a new HTTP session is created on a J2EE server, global session information is created in the database.

The following figure shows the flow of processing executed when creating global session information.

Figure 6‒2: Creating global session information (the database session failover functionality)

[Figure]

  1. If an HTTP session receives the necessary request, a new HTTP session is created. An HTTP session is created when the HttpSession object is newly acquired by using the getSession() method or the getSession(true) method of the javax.servlet.http.HttpServletRequest interface in a Web application.

    Because HttpSession objects are also created in the following cases, a new HTTP session is created:

    • If you use the Form authentication

    • If you specify true in the session attribute of the page directive in JSP

    • If you omit specification of the session attribute of the page directive in JSP

  2. The Global session information is created in the database as an extension to the HTTP session creation processing. Created global session information is stored in the session information storage table.

    The global session information is locked at the time of creation.

  3. Blank record information is updated with the creation of global session information.

  4. Created global session information is committed once.

    If integrity mode is enabled, a lock is acquired again. This is performed to avoid generation of inconsistency between the session information storage table and blank record information tables due to occurrence of a failure on a J2EE server or in a database, on which a Web application is running, after the HTTP session is created.

  5. The HTTP session is updated when the processing in a Web application completes.

  6. Global session information is updated as an extension to HTTP session update processing. If integrity mode is enabled, the lock is released after completing the update.

Important note
Operations performed when the amount of global session information reaches the upper limit

Reduce the HTTP session if the amount of global session information in the database reaches the upper limit when creating global session information. For details on reducing an HTTP session, see 5.7.3 Reducing an HTTP session.

If the amount of global session information in the database reaches the upper limit when integrity mode is enabled, java.lang.IllegalStateException is thrown and acquiring the HTTP session fails.

If you specify true in the webserver.session.max.throwHttpSessionLimitExceededException parameter in the <configuration> tag of a logical J2EE server (j2ee-server) in the Easy Setup definition file, com.hitachi.software.web.session.HttpSessionLimitExceededException is thrown instead of java.lang.IllegalStateException. For details on HttpSessionLimitExceededException, see 3.1 Exception classes in the uCosminexus Application Server API Reference Guide.

To Page Top

(2) Updating global session information

When a session is updated during execution of a Web application, the HTTP session is updated on the J2EE server. At the same time, global session information in the database is also updated.

The following figure shows the flow of processing executed when updating global session information.

Figure 6‒3: Updating global session information (the database session failover functionality)

[Figure]

  1. Receive the request having an HTTP session.

    If integrity mode is enabled, global session information in the database is locked before executing a Web application.

  2. Along with updating of the session in a Web application, the HTTP session is updated.

  3. The global session information in the database is updated to the latest information when the HTTP session is updated.

    If integrity mode is enabled, the lock is released.

For details on the Operations performed when global session information is locked, see 6.4.5(1) Result of invoking lock acquisition processing when acquiring a lock.

To Page Top

(3) Deleting global session information

If you implement the invalidate() method of the javax.servlet.http.HttpSession interface in session deletion processing in a Web application and explicitly delete an HTTP session, global session information in the database is deleted as an extension to that processing.

The following figure shows the flow of processing executed when deleting global session information.

Figure 6‒4: Deleting global session information (the database session failover functionality)

[Figure]

  1. Receive a request indicating that an HTTP session needs to be deleted.

    If integrity mode is enabled, global session information in the database is locked before executing a Web application.

  2. Along with deleting the session in a Web application, the HTTP session is deleted.

  3. The global session information and the blank record information in the database are deleted when the HTTP session is deleted.

    If integrity mode is enabled, the lock is released.

To Page Top

(4) Inheriting session information that uses global session information

If an HTTP session, associated with the received request, does not exist on the J2EE server, an HTTP session is created again by using the global session information in the database. This inherits the session.

The following figure shows the flow of processing executed when inheriting session information that uses global session information.

Figure 6‒5: Inheriting session information that uses global session information (the database session failover functionality)

[Figure]

  1. If an HTTP session, associated with the received request, does not exist on the J2EE server, an HTTP session is created again on the J2EE server by invoking the global session information in the database.

    The re-created HTTP session inherits the session and executes session update processing in a Web application. The HTTP session is updated as an extension to session update processing.

  2. Along with updating of the HTTP session, global session information is updated.

If inheriting of the global session information is successful, the KDJE34321-I message is output to the message log. If global session information could not be inherited because the global session information corresponding to the session ID, which is received from the client, does not exist in the database, the KDJE34325-W message is output to the message log.

To Page Top

Trademarks

All Rights Reserved. Copyright (C) 2022, Hitachi, Ltd.