Sharing session state between JEE web applications through WebLogic session descriptor of sharing-enabled

Session state in Java Web application is associated with a single (user) browser session on the one hand and typically with a specific web application on the other (server side) hand. Session state is created and maintained in the context of a usually a single web application. However…

We ran into a situation where our web application was assuming gigantic proportions. To complex to quickly deploy or even easily build, compile and test. On closer inspection, it was quickly revealed that the application really consisted of a number of relatively independent modules – say one for each of the options in the main menu and one for the entry point – main menu, login, manage user preferences etc. From a functional point of view, the big web app monster was by and large a collection of almost individual web applications. Almost because a substantial number of navigations took place between pages in these modules. And some context data – including credentials – should be passed on these navigations. The application was developed with such information stored in the session scope – as all modules always have access to a (shared) session scope, it was thought.

We got to the point where for many reasons we would like the big fat web application to be split in one web application per module. This would allow much easier development, administration, release management etc. However, we could not resolve this issue of shared session state that should be maintained across the web applications-per-module.

We contemplated moving this shared session state to a memory grid – but the impact on the existing application would be quite substantial (although an interesting challenge: introduce a new scope for managed beans (superapplication, cross-application or application-cluster) and create an EL resolver that knows where to find beans referred to with expressions like #{super-application.bean.property}; find a way for all applications in the applicationcluster to identify a user session in the same way to ensure the bean instance associated with the current session in the current application is retrieved).

An easier solution presented itself – after briefly conferring with Mike Lehmann of Oracle’s Application Server team – in the form of WebLogic Server’s session sharing capabilities.

With Session Sharing enabled in WebLogic Server, web applications are clustered in a sense that they share session state – which basically means they use the same SessionId for a user’s browser session. The Map that holds the user session specific data is the same for all web applications deployed to a WebLogic Server with session sharing enabled.

Data collected in the session when the user access Web Application A is accesible when the user starts accessing – from the same browser session – Web Application B, and vice versa.

The criteria or steps for enabling this are qiute simple:

All Web Applications that are to share session state

1. need to be deployed in the same EAR file (ouch, still a single big deployment step)
2. need to have a deployment descriptor in their weblogic-application.xml with this setting:

<session-descriptor>
  <sharing-enabled>true</sharing-enabled>
</session-descriptor>

Note: session sharing is not partial. There is no shared compartment in addition to an application specific, private session scope.

Also note that much of each application’s definition can be deployed in a WebLogic Shared Library; these libraries (one per web application) can be deployed independently of the EAR file. So deployment does not have to be as massive as suggested above.

An example of Shared Session state between two web applications

There are two very simple java web-applications W1 and W2. Both contain class SomeBean and both have a JSF Managed Bean configuredv- someBean – in session scope. This bean will be accessible in both W1 and W2 – the same instance that is thereby shared.

Both application have the weblogic-application.xml deployment descriptor file. In the session tab the checkbox Enable session sharing has been checked.

This corresponds with the following XML content

The EAR file that will be deployed contains both Web Applications:

The EAR file contains a META-INF directory with:

In this case, I have constructed the EAR file using jZip.

The application.xml file configures both web applications, refering to their respective war-files in the EAR:

The weblogic-application.xml file is the same as was previous created and described.

After deployment of the EAR file, both Web Application should be enabled. Let’s access the Form page in W1:

This page contains a form that is bound to the someBean session scope managed bean. Enter some values and post the data to the server.

Using the hyperlink – or by typing the URL in the location bar – navigate to Web Application W2.

A similar page opens in W2. This page also contains items that are bound to a managed bean someBean. This bean was defined in session scope in W2 and because a bean with the same name was configured also in session scope in W1 and because W1 and W2 share their session state, the values posted on someBean in W1 are available when the page bound to someBean in W2 is accessed:

Making a change in W2:

followed by navigation back to W1 results in:

Of course the changes applied in W2 to the session scope someBean are now visible in W1 as well – because W1 and W2 have the same someBean instance from their shared session scope.