Problems creating or using HTTP sessions

Note that To view and update the Session Manager settings discussed here, use the administrative console. Select the appserver that hosts the problem application, then under Additional properties, select Web Container, then Session manager.

What kind of problem are you having?

If your problem is not described here, or none of these steps fixes the problem...


HTTP Sessions are not getting created, or are lost between requests

By default, the Session Manager uses cookies to store the session ID on the client between requests. Unless you intend to avoid cookie-based session tracking, ensure that cookies are flowing between WAS and the browser...


HTTP Sessions are not persistent

If your HTTP sessions are not persistent, that is session data is lost when the appserver restarts or is not shared across the cluster...


Session is shared across multiple browsers on same client machine

This behavior is browser-dependent. It varies between browser vendors, and also may change according to whether a browser is launched as a new process or as a subprocess of an existing browser session (for example by hitting Ctl-N on Windows).

The Cookie maximum age property of the Session Manager also affects this behavior, if cookies are used as the session-tracking mechanism. If the maximum age is set to some positive value, all browser instances share the cookies, which are persisted to file on the client for the specifed maximum age time.


Session is not getting invalidated immediately after specified Session timeout interval

The SessionManager invalidation process thread runs every x seconds to invalidate any invalid sessions, where x is determined based on the Session timeout interval specified in the Session manager properties. For the default value of 30 minutes , x is around 300 seconds. In this case, it could take up to 5 minutes (300 seconds) beyond the timeout threshold of 30 minutes for a particular session to become invalidated.


Unwanted sessions are being created by jsps

As required by the JavaServer Page specification, jsps by default perform a request.getSession(true), so that a session is created if none exists for the client. To prevent jsps from creating a new session, set the session scope to false in the jsp file using the page directive as follows

<% @page session="false" %>

For current information available from IBM Support on known problems and their resolution, see IBM Support page.

IBM Support has documents that can save you time gathering information needed to resolve this problem. Before opening a PMR, see IBM Support page.


See Also

Troubleshooting by component: What is not working?