1

I have a webpage that contains a header and a main section. Both the header and the main section make the same call to one particular Java API running on my server. The first call should establish a session and set a flag in the session which prevents the second call from proceeding until the first call completes (e.g. its blocking).

What currently happens is the header usually makes the call first, establishes a session and sets the flag. Then, the main section makes the call; however, for some reason, it is establishing an entirely new session so it never sees the flag and both calls run consecutively. This consecutively running process causes a problem with the underlying database which is a separate issue.

So my question is, why are two separate sessions being established? Why isn't the second call recognizing the first session and using it?

Matt Crysler
  • 865
  • 3
  • 11
  • 23
  • It seems as though the question in the following post somewhat hints to the behavior I am experiencing... http://stackoverflow.com/questions/2488720/multiple-stateful-iframes-per-page-will-overwrite-jsessionid?rq=1 – Matt Crysler Oct 17 '13 at 20:09
  • 1
    That looks likely. If the browser sends two requests in parallel then each will get a new session as until the response with the cookie is returned to the browser, the browser has no knowledge of either session. – Mark Thomas Oct 17 '13 at 20:14
  • So that is my suspicion, Mark, so I guess I was just looking for confirmation. Thanks! – Matt Crysler Oct 17 '13 at 20:24
  • Very peculiar web page you have there. Cannot understand why would there be such a design in place, it sounds like it's asking for world of troubles. – eis Oct 17 '13 at 20:26
  • Am I getting right that there are two javascripts (or something else) on client-side that must consequently call your API? Or the calls are made on server-side both in the same request? – Dmitry Oct 17 '13 at 20:35
  • eis, I agree. Unfortunately, I only have control over the server-side APIs. The header calls an API in order to get the number of items in a shopping cart. This is complete overkill since I provide a getNumItemsInCart API which they don't use. The main section makes the same call to get the same information. It definitely begs for trouble! – Matt Crysler Oct 17 '13 at 21:22
  • Dmitry, its the former. There are two calls made concurrently (or near-concurrent) by the client-side. – Matt Crysler Oct 17 '13 at 22:11

1 Answers1

2

Sessions are usually established by cookies which are sent using HTTP headers. A web browser that is asked by server to save a session cookie typically uses that for any subsequent requests: however, for any request that has happened in between, session information will not be present. Thus new sessions can be created in between.

Also, if a browser chooses to reject session cookies, you would get a new session created for every request. That's something that's beyond your control.

This behaviour is general to HTTP traffic/web browsing and not related to any specific product (e.g. Tomcat).

eis
  • 51,991
  • 13
  • 150
  • 199