Struts2 - session is lost after a redirect

Question

I'm working on a Java EE web application based on Struts2(say CNG). At a particular point, the user is redirected to a Payment Gateway (say IM.com) and then IM redirects to an Action of CNG. An interceptor runs before every Action checking for the session variable and it shows a value of null after returning from IM.com.

Why does this happen? How can I handle this so that my session is preserved after a redirect to another application?

EDIT:

I set my session like this in an Action:

SessionMap<String, Object> sessionMap = (SessionMap<String, Object>) ActionContext.getContext().getSession();

sessionMap.put("userID","1234");

I redirect to the IM application like this (on a JSP):

<a href="im.com/cng?q=1234">

IM , after success payment/transaction redirect to my application - cng.com/receivePayment?p=4321

My Interceptor that runs before every action that checks for the userID in session:

 public String intercept(ActionInvocation invocation) throws Exception {
            // TODO Auto-generated method stub

            final ActionContext context = invocation.getInvocationContext();
            HttpServletResponse response = (HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);

            SessionMap<String,Object> sessionMap = (SessionMap<String,Object>)ActionContext.getContext().getSession();
            String m = invocation.getInvocationContext().getName();
            System.out.println(sessionMap.get("userID"));
            return invocation.invoke();

            }

When IM redirects back to CNG the interceptor runs and prints null i.e. I've lost my session variable..

The session itself expires when you redirect to another domain. You need to save session as cookie in browser. you can also implement the same in your action. — prem30488, Aug 30 '14 at 08:37
may be your action doesn't need that interceptor, unless you know that the session is empty. — Roman C, Aug 30 '14 at 18:51
@RomanC I added that interceptor to disable browser caching and subsequently session management. — Saturnian, Aug 31 '14 at 04:46
@ParthTrivedi I tried saving the session as a cookie. The cookie is created and stored properly (I can check for it in my Chrome Browser) but when I return to `CNG` application from `IM` the cookies cannot be fetched! They're present in the browser but the code cannot fetch it. Here's how I'm fetching it: (in next comment) — Saturnian, Aug 31 '14 at 04:50
@ParthTrivedi `HttpServletRequest servletRequest = (HttpServletRequest) ActionContext.getContext().get(StrutsStatics.HTTP_REQUEST); if(servletRequest.getCookies()!=null){ System.out.println("There are cookies - +servletRequest.getCookies().length); for(Cookie c : servletRequest.getCookies()) { if (c.getName().equals("userID")){ System.out.println("Received cookie - "+c.getValue()); break; } else System.out.println("can't find cookie"); } } else {System.out.println("No cookie set yet");} ` — Saturnian, Aug 31 '14 at 04:50
@ParthTrivedi Cookies work perfectly on my development environment. However, they expire when I'm trying it out on production. — Saturnian, Aug 31 '14 at 05:31
@Saturnian ohh, yes I can understand, But I was also wondering to not to use cookie but saving the session in somewhere else, for example saving them in app context or as a file and reading back them on server side, because cookie may leak security attacks threats also. — prem30488, Aug 31 '14 at 10:14
@ParthTrivedi I could try out App context, yes. Although weirdly enough, the cookie approach is working really well in production all by itself, very suddenly. Sigh! I will give App context a try asap, seems cleaner. Thanks for the idea! — Saturnian, Sep 01 '14 at 10:28

Struts2 - session is lost after a redirect

0 Answers0