Session Management


  1. Application Server: This is the default level. Configuration at this level is applied to all Web modules within the server.

  2. Application: Configuration at this level is applied to all Web Modules within the web application

  3. Web Modules: Configuration at this level is applied only to the web application



The level at which you set a property decides the scope at which that property is assigned. You get the Session management link at all three levels and when you click on that link you will get a screen like this

WebSphere Application Server has set of Session properties that you can set at either of the following three levels


WAS allows you to set following session management properties

  • Session tracking mechanism: WebSphere Application server provides following three mechanism to implement the session tracking

    • Enable SSL ID Tracking:Specifies that session tracking uses Secure Sockets Layer (SSL) information as a session ID. Enabling SSL tracking takes precedence over cookie-based session tracking and URL rewriting.

    • Enable Cookies: Specifies that session tracking uses cookies to carry session IDs. If cookies are enabled, session tracking recognizes session IDs that arrive as cookies and tries to use cookies for sending session IDs. If cookies are not enabled, session tracking uses Uniform Resource Identifier (URL) rewriting instead of cookies (if URL rewriting is enabled).
      Enabling cookies takes precedence over URL rewriting. Do not disable cookies in the session management facility of the application server that is running the administrative application because this action causes the administrative application not to function after a restart of the server. As an alternative, run the administrative application in a separate process from your applications. Click Enable cookies to change these settings.

    • Enable URL Rewriting: Specifies that the session management facility uses rewritten URLs to carry the session IDs. If URL rewriting is enabled, the session management facility recognizes session IDs that arrive in the URL if the encodeURL method is called in the servlet.



  • Maximum in-memory session count: The meaning differs depending on whether you are using in-memory or distributed sessions. For in-memory sessions, this value specifies the number of sessions in the base session table. Use the Allow overflow property to specify whether to limit sessions to this number for the entire session management facility or to allow additional sessions to be stored in secondary tables. For distributed sessions, this value specifies the size of the memory cache for sessions. When the session cache has reached its maximum size and a new session is requested, the session management facility removes the least recently used session from the cache to make room for the new one.

  • Session Timeout: Specifies how long a session can go unused before it is no longer valid. Specify either Set timeout or No timeout. Specify the value in minutes greater than or equal to two. The value specified in a Web module deployment descriptor file takes precedence over the administrative console settings. However, the value of this setting is used as a default when the session timeout is not specified in a Web module deployment descriptor. Note that to preserve performance, the invalidation timer is not accurate to the second. When the write frequency is time based, ensure that this value is least twice as large as the write interval.

  • Security Integration: Specifies that when security integration is enabled, the session management facility associates the identity of users with their HTTP sessions

  • Serialize session access: determines if concurrent session access in a given
    server is allowed.

  • Overwrite session management, for enterprise application and Web module level only, determines whether these session management settings are used for the current module, or if the settings are used from the parent object.
  • 4 comments:

    chizKorn_Studio said...

    Nice and simple idea you have shared. Thanks for sharing your helpful ideas and tips. I'll be following your upcoming post.

    Dallas Property Management

    srjwebsolutions said...

    We are leading responsive website designing and development company in Noida.
    We are offering mobile friendly responsive website designing, website development, e-commerce website, seo service and sem services in Noida.

    Responsive Website Designing Company in Noida
    Website Designing Company in Noida
    SEO Services in Noida
    SMO Services in Noida

    EG MEDI said...

    Egmedi.com is online medical store pharmacy in laxmi nagar Delhi. You can Order prescription/OTC medicines online.
    Cash on Delivery available. Free Home Delivery


    Online Pharmacy in Delhi
    Buy Online medicine in Delhi
    Online Pharmacy in laxmi nagar
    Buy Online medicine in laxmi nagar
    Onine Medical Store in Delhi
    Online Medical store in laxmi nagar
    Online medicine store in delhi
    online medicine store in laxmi nagar
    Purchase Medicine Online
    Online Pharmacy India
    Online Medical Store

    Vikas Chaudhary said...


    BatteryMantra is authorized exide battery dealer in Noida.
    We also provide car battery, ups battery and invertor battery all major brands like luminous, exide, etc. Buy Battery Online for best battery.
    http://www.batterymantra.com