A session is created when a web browser creates a connection to a WebSphere application, and the session is ended when the connection to the application is terminated, such as when the web browser is closed. There are two session management levels. You can set the session management settings at the application server level, or at the application level. The settings at the application level will take precedence over the settings at the application server level.
To change the settings at the application level:
- In the left panel of the WebSphere web console, expand Application > Application Types, and select WebSphere enterprise applications.
- Select an application.
- Select Session management.
To change the settings at the application server level:
- In the left panel of the WebSphere web console, expand Server > Server Types, and select WebSphere application servers.
- Select an application server.
- Select Session management.
Session tracking mechanism
In the Session tracking mechanism section, by default, only Enable cookies is enabled.
- Enable SSL ID tracking takes precedence over Enable cookies and Enable URL rewriting. When Enable SSL ID tracking is enabled, WebSphere attempts to obtain the session ID from SSL information.
- Enable cookies takes precedence over Enable URL rewriting. When Enable cookies is checked, WebSphere attempts to obtain the session ID from a cookie.
- Enable URL rewriting - When Enable URL rewriting is enabled, WebSphere attempts to obtain the session ID from the URL. If Enable protocol switch rewriting is enabled, WebSphere attempts to retain the session ID when switching from HTTP to HTTPS, and vice versa.
Select Enable cookies to view and modify the cookie settings.
By default, the Maximum in-memory session count will be set to 1000 sessions.
- For in-memory sessions, this value specifies the number of sessions in the base session table of a web module.
- For distributed sessions, this value specifies the size of the memory cache for sessions of each web module. When the session cache has reached its maximum size and a new session is requested, the session management facility removes the least recently used session from the cache to make room for the new one.
If Allow overflow is checked, the maximum sessions can be exceeded. This only applies to in-memory sessions, and does not apply to distributed sessions.
By default, session timeout will be set to 30 minutes.
By default, Security integration is enabled. When enabled, this option associates a user identity with their HTTP session.
Serialize session access
By default, Serialize session access is not enabled. When enabled, concurrent session access is permitted.
Distributed environment settings
Distributed sessions are sessions that are distributed across two or more application servers or applications in a cluster.
By default, a WebSphere application server uses session affinity. Session affinity allows WebSphere to associate requests from a certain browser with a certain JVM. For example, let's say you have two JVMs in a cluster. When a browser requests an application from the cluster, either JVM1 or JVM2 will send the browser the application. If JVM1 sends the browser the application, subsequent requests from the browser will route to JVM1, and will not involve JVM2. Likewise, if JVM2 were to send the application to the browser, then JVM2 would continue to answer the browser's requests until the session is destroyed.
Session affinity improves performance, by allowing sessions to be accessed from cache in the application server, instead of having requests bounce between different application servers in a cluster.
Session affinity can be verified by checking the application server SystemOut.log file. When session affinity has been established with JVM1, only the JVM1 SystemOut.log file should contain events from the browser. The same is true for JVM2.
~]# $was_home/profiles/<profile name>/servers/JVM1/logs/SystemOut.log
~]# $was_home/profiles/<profile name>/servers/JVM2/logs/SystemOut.log
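The SystemOut.log check described above can be scripted. The following is an added example, not part of the original page or of WebSphere: it reports which servers' logs mention a given session and flags a session seen on more than one JVM. It assumes the application writes the session ID to SystemOut.log on each request; the function names, the `session=` field and the sample log lines are constructed for illustration.

```shell
# Added example. Assumption: the application writes each request's session ID
# to SystemOut.log (the "session=" field below is constructed, not a WebSphere default).

# affinity_owners MARKER LOG...
# Prints the server name (directory two levels above each log, e.g. JVM1)
# for every log that contains MARKER.
affinity_owners() {
    local marker log
    marker=$1; shift
    for log in "$@"; do
        # -F treats the session ID as a fixed string, not a regular expression.
        if grep -Fq -- "$marker" "$log" 2>/dev/null; then
            basename "$(dirname "$(dirname "$log")")"
        fi
    done
}

# affinity_ok MARKER LOG...
# Succeeds only when exactly one server logged the session.
affinity_ok() {
    local count
    count=$(affinity_owners "$@" | wc -l)
    [ "$count" -eq 1 ]
}

# Builds constructed sample logs under ROOT using the servers/<JVM>/logs layout.
make_sample_logs() {
    mkdir -p "$1/servers/JVM1/logs" "$1/servers/JVM2/logs"
    cat > "$1/servers/JVM1/logs/SystemOut.log" <<'EOF'
[1/15/24 10:02:11:120 EST] 0000004a SystemOut     O session=SAMPLE-AAA111 GET /app/home
[1/15/24 10:02:15:377 EST] 0000004b SystemOut     O session=SAMPLE-AAA111 GET /app/cart
[1/15/24 10:03:40:008 EST] 0000004a SystemOut     O session=SAMPLE-CCC333 GET /app/home
EOF
    cat > "$1/servers/JVM2/logs/SystemOut.log" <<'EOF'
[1/15/24 10:02:30:902 EST] 00000051 SystemOut     O session=SAMPLE-BBB222 GET /app/home
[1/15/24 10:03:41:450 EST] 00000052 SystemOut     O session=SAMPLE-CCC333 GET /app/cart
EOF
}

# Demo: SAMPLE-AAA111 stays on JVM1; SAMPLE-CCC333 appears on both servers.
demo_root=$(mktemp -d)
make_sample_logs "$demo_root"
for sid in SAMPLE-AAA111 SAMPLE-CCC333; do
    owners=$(affinity_owners "$sid" "$demo_root"/servers/*/logs/SystemOut.log | tr '\n' ' ')
    echo "$sid handled by: $owners"
done
rm -rf "$demo_root"
```

On a real cell, pass the two SystemOut.log paths shown above instead of the sample logs. A session reported on both JVMs means requests for that session were not all routed to the same server.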