New HttpSession on Every Request

Avatar

Avatar

Reini-

Avatar

Reini-

Reini-

29-07-2016

Hi,

I can't set any session attributes, because I get a new HttpSession on every request. To validate this, I added <%=slingRequest.getSession().getId()%> to /apps/geometrixx/components/homepage/content.jsp. Now I can see the http session id on every request to http://localhost:4502/editor.html/content/geometrixx/en.html. And I can see, this Id changes for every request so it makes no sense to set any session attributes like request.getSession().setAttribute("...", "....").

Can anybody tell me, how to get a valid http session which does not change for every single request?

Environment: Standard AEM 6.2 on Windows

 

regards

Reini

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar

Abhinav_m

Avatar

Abhinav_m

Abhinav_m

29-07-2016

AEM is restful in nature and if you are relying on HTTP SESSION, then you are breaking the restful nature of AEM. You'll also not able to cache anything that is HTTP SESSION dependent.

So to use HTTP SESSION inside AEM is strongly NOT advisable.

Having said that, just to resolve your issue. You are seeing new session each time coz of following directive in your global.jsp or it might also be in your component JSP's

<%@page session="false"%>

Answers (4)

Answers (4)

Avatar

Avatar

Reini-

Avatar

Reini-

Reini-

03-08-2016

Hi Opkar,

I know all the problems with dispatcher, sticky connections, ...
But in my case the anonymous user can choose between different shops, and every single shop has different prices, different stock level, ..., but the URL of the product pages stays the same (the url does not change after you select another shop, but some values on the page must change). So I tried to save the selected shop (and also some other values the user can select) in the session. On the product page I request the non static values with an ajax request (the rest of the page can be cached in dispatcher) and in this request I read the selected values from the session. But as mentioned in the previous post I changed this behaviour and I save the selected values in a cookie now and it also works.

regards
Reinhard

Avatar

Avatar

Opkar_Gill

Employee

Avatar

Opkar_Gill

Employee

Opkar_Gill
Employee

02-08-2016

Hi Reini,

as has been mentioned REST principles specify each request should be stateless[0], which your http sessions breaks. 

It should also be noted that by using an http session, you would need to maintain a sticky connection, as the session would only exist in the publish instance that created the session. You get no http session failover or replication with AEM.

Also, since you are going to the server for every request, you are bypassing dispatcher, this approach will not scale well and you would be better off trying to see if you can achieve your requirements using front end code.

It would be interesting to hear why you think you need to maintain a session, so we can see if there is an alternative.

Cases where I have see people want to maintain a session is with multi page forms, an alternative would be single page apps. Another is for commerce sessions, in this case the session is maintained in the ecommerce server and a token kept in cookie in the browser , so AEM never maintains state.

Regards,

Opkar

[0]https://en.wikipedia.org/wiki/Representational_state_transfer#Stateless

Avatar

Avatar

Reini-

Avatar

Reini-

Reini-

29-07-2016

Hi,

thank you very much. But I already knew this article.

So you would say that http sessions should never be used in AEM projects because it would not work?

 

regards

Reini

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Reply

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Reply

2.3K
smacdonald2008

29-07-2016

AEM does not really work with HTTP Sessions. The session you typically work with is a JCR session so you can interact with the JCR. 

See the StackOverFlow thread for more background info: 

http://stackoverflow.com/questions/30906454/how-to-set-session-attribute-in-cq5