users@glassfish.java.net

Re: Session Tracking Mechanisms (SSL Sessions)

From: <glassfish_at_javadesktop.org>
Date: Mon, 09 Jun 2008 14:30:07 PDT

Jan Luehe described a possible solution in his Blog "GlassFish Support for Cookie-less HTTP Sessions"
http://blogs.sun.com/jluehe/date/200712

follow the example and replace his invoke method with the following code.

[code]
    @Override
    public int invoke(Request request, Response response) throws IOException, ServletException
    {
        CoyoteRequest coyoReq = (CoyoteRequest) request;
        coyoReq.getAttribute(Globals.CERTIFICATES_ATTR); // call populateSSLAttributes();
        String cid = (String)coyoReq.getAttribute("javax.servlet.request.ssl_session");
        if(cid != null)
        {
            coyoReq.setRequestedSessionId(cid);
        }
        return INVOKE_NEXT;
    }
[/code]

works for me under Glassfish v2ur2.

Joe
[Message sent by forum member 'infosun' (infosun)]

http://forums.java.net/jive/thread.jspa?messageID=279268