Servlet and JSF page within same context shows different sessions

1
votes

We have a need to make a call to a servlet from an external application which is making a post request.

The servlet looks at the request, performs some processing and sets a attribute on the request or session and redirects to a JSF page which needs to retrieve the attribute set on the request or the session and do additional stuff.

For both cases I have been unable to retrieve the attribute/parameter set on the session or request from the managed bean and upon further debugging, it revealed that the session ids were different in servlet and in the managed bean.

Since this is a request coming from an external application, there is no session in the servlet so doing request.getSession(true); which is creating a new session in the servlet.

I was under the understanding that since these were part of the same application and using the same context that they would have the same session. Is my understanding incorrect? Is there a better solution to this issue? (I did consider creating a Filter but thought might have the same issue with the session)

Any help in understanding better or resolving this issue will be appreciated.

1
servletsjsf-2

1 Answers

0
votes

As to how sessions work, carefully read this: How do servlets work? Instantiation, sessions, shared variables and multithreading.

In fact, the external application should have sent the very same session cookie as the JSF application is using. An alternative would have been to provide a callback URL including the jsessionid path fragment, which is composed as follows:

String url = "http://example.com/context/servlet;jsessionid=" + session.getId();

Again another alternative would be to generate an unique ID (with java.util.UUID) referencing an entry in application scope or even the DB and set it as request parameter in the callback URL. You should only manually cleanup it when the session is destroyed. You can use a HTTP session listener for that.