[GLASSFISH-4589] Add support for session tracking via SSL session id Created: 02/Apr/08  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: web_container
Affects Version/s: V3
Fix Version/s: not determined

Type: New Feature Priority: Major
Reporter: jluehe Assignee: jluehe
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: Sun


Issuezilla Id: 4,589

 Description   

See http://forums.java.net/jive/thread.jspa?threadID=38902&tstart=0



 Comments   
Comment by jluehe [ 26/Aug/08 ]

This is a new feature, and not the enhancement of an existing one.

Comment by jluehe [ 07/Apr/10 ]

Joe (java.net id "infosun") posted this interesting comment to the above froum
thread:

<comment>
Jan Luehe described a possible solution in his Blog "GlassFish Support for
Cookie-less HTTP Sessions"
http://blogs.sun.com/jluehe/date/200712

follow the example and replace his invoke method with the following code.

@Override
public int invoke(Request request, Response response) throws IOException,
ServletException
{
CoyoteRequest coyoReq = (CoyoteRequest) request;
coyoReq.getAttribute(Globals.CERTIFICATES_ATTR); // call
populateSSLAttributes();
String cid =
(String)coyoReq.getAttribute("javax.servlet.request.ssl_session");
if(cid != null)

{ coyoReq.setRequestedSessionId(cid); }

return INVOKE_NEXT;
}

works for me under Glassfish v2ur2.

Joe
</comment>

This should continue to work with GF v3.

All that's left to do would be to install this special-purpose valve (that is,
add it to the application's pipeline) for any application that had SSL
configured as its session tracking mode.

Comment by Tom Mueller [ 06/Mar/12 ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.

Generated at Fri Dec 09 13:55:24 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.