0

UPDATE: After doing analysis for my original problem which is listed in the second section i found the issue could be due to 304 response below is the detailed explanation.

I have developed a web application where users clicks on the link and its takes him to servlet where i set few session variables and then forward it to jsp. First time when i access the application things work fine after closing browser and then opening browser and accessing application i get null pointer exception in jsp because it is trying to access session data the reason it i am getting 304 response for the servlet , so this means that servlet is not invoked and my jsp are getting called ? since servlet is not called session values are not set .

Is my understanding correct?

I am observing this only in IE9

--------------------- My original question is below --------

We have integrated Siteminder in our application , I have observed that siteminder cookie SM session is created for different domain where as my application specific cookie is created for proper domain.

For every request i see new smsession value but my application cookie remains same , even though the cookie remains same the values which I set in session using servlet are not available in my jsp.

I have printed the jsession id, the jsession id is same for all request.

Below is the flow.

User hits a URL siteminder intercepts it and asks for credentials once user successfully logs in he is redirected to servlet where i set few values in Session then i dispatch the control to index.html which has two frames . I am loading two jsp for these frames and in these jsps i am trying to access the session values which i am unable to get .

I am observing this behaviour only in IE9 but IE8 behaves correctly, First time access works fine second time does not in IE9

Can anybody let me know if change in smsesson incurs changes in httpsession for java app ? i don't think so as Jsession id remains the same.

What could be possible reason for this.

Xyz
  • 5,955
  • 5
  • 40
  • 58
sumedha
  • 473
  • 1
  • 9
  • 24

2 Answers2

1

Have you checked if the jsps being called in the frames has the same session id as the one in the servlet?

To give you background on SMSESSION and JSESSION:-

The SMESSION id cookie keeps getting changed by the web agent periodically and is usually tagged to the base domain. Example - If the application is hosted at a.b.com - the JSession ID will typically be set to the domain a.b.com and the SMSESSION will be set to the b.com domain. This is the default Siteminder behaviour since it assumes that all applications in the b.com domain need the cookie for SSO. You can change this using the ACO for the agent by either setting the domain name explicitly or setting the scope of the domain that needs to be used. Unless your application has logic which depends on the value of the SMSESSION id and modifies the java session, the JSessionID cookie is not impacted by the change in the value of SMSESSION

Avi
  • 406
  • 2
  • 8
  • that's right thanks avi however i observed different behavior today hence i will edit my question – sumedha Jul 14 '15 at 15:24
  • Does cookie change imply new session this is only wrt to siteminder session this does not have any impact on java session – sumedha Jul 14 '15 at 15:39
  • 1
    Sumedha - If you are getting 304 response code that means the browser is using cached versions of the page. You can try two things: 1. Put a print statement and see if that is getting printed every time you access the servlet 2. Set the no cache headers in the servlet response object and access again.. You should always get a 200 response again. Refer http://stackoverflow.com/questions/3413036/http-response-caching The cookie change implies change only to the Siteminder session and not the application's java session – Avi Jul 15 '15 at 12:05
  • Perfect @avi i dint see servlet code being printed so i have to change my code to set no cache header in my servlet and retest . – sumedha Jul 15 '15 at 12:31
0

After doing analysis i found that it was 304 response for the servlet which was causing issue. When application was accessed first time there was no issue but next since when i try to run the application it would result into issue because browser would have cached responses , hence server would send 304 response because of this servlet would not be called and session would not be set .

sumedha
  • 473
  • 1
  • 9
  • 24