Session Persistence Mechanism in IBM WebSphere Application ... · IBM Software Group WebSphere® Support Technical Exchange 7 of 42 Session Manager configuration Configuration can

IBM Software Group

®

WebSphere® Support Technical Exchange

Session Persistence Mechanism in IBM WebSphere Application Server

Varun Tallapragada ([email protected])WebSphere Application Server L2 Support15 December 2010

mailto:[email protected]


IBM Software Group

WebSphere® Support Technical Exchange 2 of 42

Agenda

Overview of HTTP Session Management WebSphere Application Server & Session Management Local sessions Persistence mechanisms

Database persistence

Memory-to-memory replication Problem determination Best practices Resources Q&A

IBM Software Group


HTTP Session Management

IBM Software Group


HTTP Session managementWhat is HTTP Session:

Implementing the HTTP Session allows a web application developer to maintain state information across multiple user visits to the application.

HTTP Session API:

Creating/Accessing Session: HttpSession session = request.getSession(boolean create) HttpSession session = request.getSession()

Verifying if session is a new session: Session.isNew()

Dealing with HTTP Session attributes: getAttribute(String name) setAttribute(String name, Object val) removeAttribute()

When / How long: getCreationTime() getLastAccessedTime() getMaxInactiveInterval()

setMaxInactiveInterval()

IBM Software Group


Session listeners: Session Create or Destroy:

HTTPSessionListener• sessionCreated() • sessionDestroyed()

Session Attributes: HttpSessionAttributeListener

• attributeAdded()• attrbuteRemoved()• attributeReplaced()

Session Activation: HttpSesessionActivationListener

• sessionActivated()• sessionPassivated()

Session Binding Events: HttpSessionBindingListener

• valueBound()• valueUnbound()

com.ibm.websphere.servlet.session.IBMSessionListener

IBM Software Group


WebSphere & HTTP Session management

IBM Software Group


Session Manager configuration Configuration can be done at various levels

Application Server level. • Applied to all Web modules in the server.

Enterprise Application level.• Applied to all Web modules in the App.

Web Application level.• Applied to the specified web module.

Choosing a session tracking mechanism:WebSphere application server support the following session tracking mechanisms: Enable SSL ID tracking (deprecated) Cookies URL Rewriting

• Enable protocol switch rewriting

IBM Software Group


Server level Cookies

IBM Software Group


Session cookie

JSESSIONID=0002wJXDXci_VotWv84L6nNMaN3:15ej9t1j5:15ej9t4hc

CacheId : 0002

CloneSeperator : “:”

SessionId : wJXDXci_VotWv84L6nNMaN3

CloneId’s : 15ej9t1j5 and 15ej9t4hc

IBM Software Group


Application level

IBM Software Group


Session management properties

Maximum In-memory session countAllow Overflow

Session TimeoutNo timeout

Set timeout

Security Integration

Serialize Session AccessAllow Serial access

•Maximum Wait time in sec.•Allow access on Timeout

IBM Software Group


Local sessions

IBM Software Group


Local Sessions The local/in-memory session cache keeps session information in memory and local to the

machine and WebSphere Application Server where the session information was first created.

Local session management does not share user session information with other clustered machines. Users only obtain their session information if they return to the application server

Session data will be lost, during the fail-over and also if server goes down or server recycle

Users will be impacted during the server outage.

Note : “Allow overflow” is only for the non-distributed sessions.

IBM Software Group


Local sessions

IBM Software Group


Persistence mechanisms

IBM Software Group


Types of persistence mechanisms

Database persistence. Memory-to-memory replication.

Advantages of Session persistence: When the server with an existing request/session goes down, plugin will

route the request to next available cluster member.

The user’s session data can be recovered by another cluster member either from:

• External database− Data base persistence

• Another server store− Memory-to-memory Replication

IBM Software Group


Pictorial view of persistence mechanisms

IBM Software Group


Database persistenceConfiguring Database persistence

Create JDBC provide

Create a data source for the database.

Configure session Manager to use the data source created.

Note: Session Manager will automatically create the necessary database schema except for DB2 on z/OS. If using DB2 on z/OS, then database administrator need to create the database schema manually. Refer the following URL for instructions to create session schema:

Creating a DB2 table for session persistencehttp://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/

zseries/ae/tprs_db2tzos.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tprs_db2tzos.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/tprs_db2tzos.html

IBM Software Group


Distributed settings

IBM Software Group


Database settings

IBM Software Group


Database Persistence – Failover Scenario

New request arrives to plug-in. Plug-in decides to send the request to member1. Application accesses the session by calling request.getSession(), session manager

creates a new session and stores in database. The JSESSIONID cookie will be sent back to client in the response. member1 is crashed/shutdown. Subsequent request from the same user arrives to plug-in. Plug-in fails to maintain affinity as the server is not reachable. Plug-in failover the request to next available server, member2. When application access the session, session manager looks for the session in its

memory and fails to find. Session manager will retrieve the session from the database. Session manager in member2 increments the cacheId from 0001 to 0002 and

updates in database and in memory. member2 will send the updated JSESSIONID cookie in the response.

IBM Software Group


Tuning parameters Write Frequency

End Of Service Manual Update Time Based

Write Contents Only Updated attributes All Attributes

Schedule Session Cleanup Specify schedule

• First time• Second time

Very high (optimize for performance) Write frequency Time basedWrite interval 300 secondsWrite contents Only updated attributesSchedule sessions cleanup true

•First time of day default 0•Second time of day default 2

High Write frequency Time basedWrite interval 300 secondsWrite contents All session attributesSchedule sessions cleanup false

Medium Write frequency End of servlet serviceWrite contents Only updated attributesSchedule sessions cleanup false

Low (optimize for failover) Write frequency End of servlet serviceWrite contents All session attributesSchedule sessions cleanup false

Custom settings Write frequency default Time basedWrite interval default 10 secondsWrite contents default All session attributesSchedule sessions cleanup default false

IBM Software Group


Tuning parameters Custom settings

IBM Software Group


WebServer Plug-in Load Balancing

Distributes the load/request to all cluster members based on Round Robin algorithm

Session Affinity For all existing sessions, Plug-in sends request to the server

where session data exists in memory

When the target server is not reachable, then request fails over to a different server in cluster

Plug-in uses cloneId information present in JSESSIONID cookie of the incoming request to route request to application server

Note: In case of Memory-Memory (peer-to-peer) , session manager encodes partitionId in JSESSIONID cookie. Plug-in uses dynamic partition table from application server to route the request to the server where the backup data is present.

IBM Software Group


Memory-to-Memory replication Sessions are stored in the memory of an application server, providing the same

functionality as a database for session persistence.

M-M persistence, eliminates the overhead and cost of setting up and maintaining a real-time production database.

It also eliminates the single point of failure that can occur with a database.

Data Replication Service (DRS):

The data replication service (DRS) is an internal WebSphere Application Server component.

Memory-to-memory replication uses the DRS to replicate data across many application servers in a cluster.

Dynamic Caching and Stateful session beans are other consumers of DRS.

Replication domain should be created (Either manually or while creating the cluster) before configuring the DRS.

NOTE: Do not use same replication domain for Dynamic caching and sessions/Stateful.

IBM Software Group


Memory-to-Memory

Configuring Memory-to-Memory replication

Create a replication domain.

Select “Memory-to-Memory replication” persistence from distributed environment settings page of session manager panel.

Provide following general properties in Memory-to-Memory replication page. Replication domain. Replication mode.

• Server mode• Client mode• Both mode (Default)

Topologies supported :

Peer-to-peer replication Client/server replication

IBM Software Group


Peer-to-Peer topology This is most commonly used topology.

In this basic peer-to-peer topology, each application server can:

Host the Web application Send changes to the HTTP session that it owns Receive backup copies of the HTTP session from all of the other servers in the

cluster.

The advantage of this topology is that no additional processes and products are required to avoid a single point of failure.

Hot Fail over can be accomplished with this topology.

Most stable implementation is achieved when each node has equal capabilities (CPU, memory etc), and each handles the same amount of work.

Note: At least one backup server must be running always.

IBM Software Group


Peer-to-peer topology

IBM Software Group


Client/Server topology In Client/Server topology the servers act as either replication client only or a server

only.

Application Servers Configured as Server Stores the session information of clients and purely acts as datastore. Cannot host any applications and do not respond to the user’s requests Store sessions in their own memory and provide session information to clients. These servers must be started before starting the client servers.

Application Server Configured as Client These servers can host applications Client application servers send session information to the replication servers

and retrieve sessions from the servers. Respond to user requests and store only the sessions of the users with whom

they interact.

IBM Software Group


Client/Server topology

IBM Software Group


Replication domain Memory-to-Memory

IBM Software Group


Memory-to-Memory - Failover scenario

New request arrives to plug-in. Plug-in decides to send the request to member1. Application accesses the session by calling request.getSession(), session

manager creates a new session and stores in database. The JSESSIONID cookie will be sent back to client in the response. The session gets replicated to other servers in the cluster (member2 and

member3). member1 is crashed/shutdown. Subsequent request from the same user arrives to plug-in. Plug-in fails to maintain affinity as the server is not reachable. Plug-in failover the request to next available server, member2. When application access the session, session manager looks for the session

in its memory. Session manager will retrieve the session from member2, as the session

already got replicated to this server. Session manager in member2 increments the cacheId from 0001 to 0002 and

updates the cache. member2 will send the updated JSESSIONID cookie in the response

IBM Software Group


Problem determination

IBM Software Group


Problem determinationSession Affinity is failing

Affinity is maintained by plug-in. If WebServer plug-in is not used in the environment, then affinity will not be maintained.

Check if the session persistence is configured properly

make sure latest plugin-cfg.xml is in use.

Review the plug-in trace to see if plug-in is picking up right clone information from session cookie as well as sending request to right server.

If using peer-to-peer topology, then plug-in uses dynamic partition table information to maintain affinity.

Make sure to upgrade plug-in with application server upgrade.

New session is created on every access from same client Check the value of JSESSIONID in all requests from the same client.

Check the value for inactivation interval for a newly created session

IBM Software Group


Session data crossover Get the session cookie (JSESSIONID) value for both the users

Get the suspected session attribute

Get the URL for the failing request when the session data was swapped

Verify if there are any concurrent requests been served by WebSphere when the data was swapped.

Add DebugSessionCrossover custom property. This will check to verify that only the session associated with the request is accessed or referenced.

Add debug statements in application code.

IBM Software Group


Session data lost Is all session data lost or only certain attributes?

If only certain attributes, then make sure those objects are implementing java.io.Serializable interface.

Verify if there are any DB Persistence related error messages in SystemOut, SystemError and trace files. If found, fix those errors first.

Check if persistence is configured properly and verify the Session Tuning settings – Write Frequency and Write Contents.

Check to see if there is any modification to the attributes storing in session, after calling setAttribute().

Check if storing all session attributes in custom settings will help.

IBM Software Group


Best practices

IBM Software Group


Best practices using HTTP Sessions Keep amount of data stored in session minimal.

Release HttpSession objects by invalidating the session when finished.

Implement Serializable when developing new objects to be stored in the HTTP session.

When secure data is stored in session, use session and security integration feature in secured environments.

Avoid trying to save and reuse the HttpSession object outside of servlet or JSP service.

When using multi-framed pages Create a session in only one frame or before accessing any frame sets. Update session data using only in one frame.

IBM Software Group


Additional Resources for HTTP Session

WebSphere Appliction Server Information center http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp

com.ibm.websphere.servlet.session.IBMSessionListner http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.javadoc.doc/web/apidocs/com/ibm/websphere/servlet/session/IBMSessionListener.html

Best practices using HTTP Session http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/cprs_best_practice.html

Java™ Servlet Specification http://www.oracle.com/technetwork/java/download-139443.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.javadoc.doc/web/apidocs/com/ibm/websphere/servlet/session/IBMSessionListener.html



http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/cprs_best_practice.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/cprs_best_practice.html

http://www.oracle.com/technetwork/java/download-139443.html

IBM Software Group


Additional WebSphere Product Resources Learn about upcoming WebSphere Support Technical Exchange webcasts, and access

previously recorded presentations at:http://www.ibm.com/software/websphere/support/supp_tech.html

Discover the latest trends in WebSphere Technology and implementation, participate in technically-focused briefings, webcasts and podcasts at:http://www.ibm.com/developerworks/websphere/community/

Join the Global WebSphere Community: http://www.websphereusergroup.org

Access key product show-me demos and tutorials by visiting IBM® Education Assistant:http://www.ibm.com/software/info/education/assistant

View a webcast replay with step-by-step instructions for using the Service Request (SR) tool for submitting problems electronically:http://www.ibm.com/software/websphere/support/d2w.html

Sign up to receive weekly technical My Notifications emails:http://www.ibm.com/software/support/einfo.html

http://www.ibm.com/software/websphere/support/supp_tech.html

http://www.ibm.com/software/websphere/support/supp_tech.html

http://www.ibm.com/developerworks/websphere/community/



http://www.websphereusergroup.org/



http://www.ibm.com/software/info/education/assistant



http://www.ibm.com/software/websphere/support/d2w.html

http://www.ibm.com/software/support/einfo.html

http://www.ibm.com/software/support/einfo.html

IBM Software Group


We Want to Hear From You!

Tell us about what you want to learn

Suggestions for future topicsImprovements and comments about our webcasts

We want to hear everything you have to say!

Please send your suggestions and comments to: [email protected]


IBM Software Group


Questions and Answers

Documents

Session Persistence Mechanism in IBM WebSphere Application ... · IBM Software Group WebSphere® Support Technical Exchange 7 of 42 Session Manager configuration Configuration can