1

We are porting some legacy applications from WebLogic to Tomcat. In Web Logic these applications have the following in their weblogic.xml deployment descriptor:

<!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web Application 6.0//EN" "http://www.bea.com/servers/wls600/dtd/weblogic-web-jar.dtd"> 
<weblogic-web-app> 
  <session-descriptor> 
...
        <session-param> 
                <param-name> 
                        CookieName 
                </param-name> 
                <param-value> 
                        jsessionid 
                </param-value> 
        </session-param> 
...
   </session-descriptor> 
</weblogic-web-app>

Somehow, the inclusion of this element allows the application to send the cookie back through the response to the browser, enabling sticky sessions, which is what we are trying to achieve. There is no code in the application servlets that does anything with the cookies to make this happen. I should mention that we're using a traditional external load balancer to do the balancing, not any container options.

Now that we move over to Tomcat, we would like to maintain the same functionality, hopefully through similar declarative means, without code changes. However, there does not appear to be a similar descriptor that would do this in Tomcat.

When we test the application in the two environments we find that

curl -c cookie {url} saves a cookie in the file "cookie" under WebLogic, but not under Tomcat.

So I want to know

  1. How, if possible to achieve same in Tomcat, without coding changes.
  2. If not possible, how to achieve same in Tomcat through coding changes. In other words, what is WebLogic doing under the covers with this deployment description option?

I've tried researching this but not found any information on what the option does, only information how to set the option, with no information on why you might want to use it. See WebLogic documentation

Steve Cohen
  • 4,679
  • 9
  • 51
  • 89

1 Answers1

0

The session-param helps you customize the session object that is created by the application server on the first call to

HttpSession session = request.getSession(true);

HttpSessions are in memory (mostly) cached objects identified by a unique id by the application server. The id gets transported back and forth between requests in what is known as a session cookie. Subsequent requests to request.getSession() would attempt to retrieve the cookie from the request, read the id and retrieve the corresponding Session object.

With that background, there are several parameters of the Session and the Session cookie that weblogic allows you to parametrize through the session-param tag in weblogic.xml. Examples are cookie-name, cookie-domain,cookiemaxage etc all documented in the resource provided in your question.

Sticky sessions and load balancing have nothing to do with cookie configurations in session-descriptor. You can achieve load balancing in a weblogic cluster using

  1. Weblogic Plugin for IIS, APache
  2. External Load balancer
  3. Weblogic HttpClusterServlet (software load balancer)

Its all explained here The software load balancer is explained here

ramp
  • 1,256
  • 8
  • 14
  • Thanks, but I'm not sure you've gotten to the bottom of what I'm asking. Without any code that explicitly adds the cookies to the response, the servlets running on web logic do show cookies in the response. This can be seen with the curl -c command or with something like wireshark. This isn't happening under Tomcat and I still would like to understand why, and how to achieve that. – Steve Cohen Jun 29 '17 at 14:09
  • Your question was on sticky sessions which is relevant only for clustered applications. However if you just want sessions created by default, Tomcat does that too. As I said above a request.getSession(true) would return a session object to the application. A session cookie that tracks the session would automatically be included in the response too and all further requests would contain this session cookie in its header. You can further tweak some of the session parameters for tomcat as described in https://tomcat.apache.org/tomcat-7.0-doc/config/manager.html#Standard_Implementation – ramp Jun 30 '17 at 11:36
  • Just to further clarify, all j2ee web servers provide automatic session handling capabilities to the application. This includes creating a session, a cookie to track the session and include this cookie in the response and subsequent requests. What weblogic provides you through the session-param is the ability to tweak the sessions (and the session cookies) various attributes. Tomcat provides you some of the same tweaking abilities using the session manager. That said the basic session handling is included by default – ramp Jun 30 '17 at 11:40