Distributed session support

Consider the following issues regarding how session management works within a distributed environment. Distributed environments include any environments in which requests are being handled by multiple Web servers, multiple application servers, or both.

Session support requires an affinity mechanism

For use in a distributed environment, objects placed in persistent sessions must be serializable.

To make your applications portable to a distributed environment, make any objects placed in a persistent session serializable. If you place an object that does not implement the Serializable interface, you lack a way to propagate the object with a given session, disallowing proper persistence among servlets in the cluster.

If failover support for the session is not required, you can avoid the requirement of implementing the Serializable interface in a distributed environment. Since the HTTP server's WebSphere plugin ensures session affinity, the plugin redirects all requests that refer to a given HttpSession object to the particular appliation server in which the session was initially created and resides.

In addition to java.io.Serializable objects, Session Manager also supports the placement of the following objects into HttpSession for distributable environments:

• javax.ejb.EJBObject
• javax.ejb.EJBHome
• javax.naming.Context
• javax.transaction.UserTransaction

EJBObject, EJBHome, and Context objects can be placed directly into HttpSession. For UserTransaction objects in clustered environments, use com.ibm.websphere.servlet.session.UserTransactionWrapper, which requires you to include the InitialContext object from which this transaction object was retrieved. If failover support for the session is not required, you can place the UserTransaction object directly into HttpSession.

Within a Web module that is marked as distributable, all objects that are placed into the session must implement the Serializable interface; otherwise, an IllegalArgumentException is thrown.

Session binding occurs on a certain application server in the cluster

When HttpSessionBindingListener and HttpSessionBindingEvent are used in a clustered Web server environment, the event is fired in the application server on which the session is currently being processed. The action will occur in situations where:

• A listener is put into a session
• A listener is removed from a session
• The servlet explicitly invalidates the session that contains listeners

If the session times out, this (unbound) event may be fired in any one of the application servers in the environment.

See also Best practices for session programming.