How to manage and tune session and cookies in WebSphere

Home > Search > How-to
  by

A session is created when a web browser creates a connection to a WebSphere application, and the session is ended when the connection to the application is terminated, such as when the web browser is closed. There are two session management levels. You can set the session management settings at the application server level, or at the application level. The settings at the application level will take precedence over the settings at the application server level.

Application:

  1. In the left panel of the WebSphere web console, expand Application > Application Types, and select Websphere enterprise applications.
  2. Select an application.
  3. Select Session management.

Application server:

  1. In the left panel of the WebSphere web console, expand Server > Server Types, and select Websphere applications servers.
  2. Select an application server.
  3. Select Session management.

Session tracking mechanism

In the Session tracking mechanism section, by default, only Enable cookies is enabled. 

  • Enable SSL ID tracking will take precedence over Enable cookies and Enable URL rewriting. When Enable SSL ID tracking is enabled, the session ID will attempt to be obtained from SSL information.
  • Enable cookies will take precedence over Enable URL rewriting. When Enable cookies is checked, the session ID will attempt to be obtained from a cookie.
  • Enable URL rewriting - When Enable URL rewriting is enabled, the session ID will attempt to be obtained from the URL. If Enable protocol switch rewriting is enabled, the session ID will attempt to be retained when switching from HTTP to HTTPS, and vice versa.

 

Select Enable cookies to view and modify the cookie settings.

 


By default, the Maximum in-memory session count will be set to 1000 sessions. 

  • For in-memory sessions, this value specifies the number of sessions in the base session table of a web module.
  • For distributed sessions, this value specifies the size of the memory cache for sessions of each web module. When the session cache has reached its maximum size and a new session is requested, the session management facility removes the least recently used session from the cache to make room for the new one

If Allow overflow is checked, the maximum sessions can be exceeded. This only applies to in-memory sessions, and does not apply to distributed sessions.

 


Session timeout

By default, session timeout will be set to 30 minutes.

 


By default, Security integration is enabled. When enabled, this option associates the a user identity with their HTTP session.

 


Serialize session access

By default, Serialize session access is not enabled. When enabled, concurrent session access is permitted.

 


Distributed environment settings

Distrubuted sessions is the idea of distributing sessions across two or more application servers or applications in a cluster.

 


Session affinity

By default, a WebSphere application server uses session affinity. Session affinity allows WebSphere to assoicate requests from a certain browser to a certain JVM. For example, let's say you have two JVMs in a cluster. When a browser requests an application from the cluster, either JVM1 or JVM2 will send the browser the application. If JVM1 is the application server to send the browser the application, subsequent requests from the browser will route to JVM1, and will not invole JVM2. Likewise, if JVM2 were to send the application to the browser, then JVM2 would continue to answer the browsers requests, until the session is destroyed.

Session affinity improves performance, by allowing sessions to be accessed from cache in the application server, instead of having requests bounce between different application servers in a cluster.

Session affinity can be verified by checking the application server SystemOut.log file. When session affinity has been estabished with JVM1, only JVM1 SystemOut.log file should contain events from the browser. The same is true for JVM2.

~]# $was_home/profiles/<profile name>/servers/JVM1/logs/SystemOut.log
~]# $was_home/profiles/<profile name>/servers/JVM2/logs/SystemOut.log

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments