
Problem:

BES600: How to share HTTP session among multiple web apps on a single partition

Resolution:

Problem Description:

- Product: BES 6.0.x App / Web Server Edition

- Platform: ALL

- Module: Web Container, Java Session Storage service, SSO and Session Management

Question:

There is more than one Web Application deployed on a single Partition. Users who come in for resources in one Web App may jump over to another Web App running on the same Partition. Hence, the other Web Apps on that Partition are most likely in need of the session info of the incoming web user. Is there any built-in mechanism in BES 6.0.x that allows us to share / distribute the user sessions in a web context among multiple Web Apps, if they are running on a single Partition?

Resolution:

Basically, you just need to change the Tomcat configuration to enable session storage and change the store name to match what the JSS factory name is defined to be. Below are the steps to store your session data in JSS:

1. Configure your Session Store property, "Factory Name", using the BES Console, i.e., (using BES-Console-->-->Session Storage Service-->Properties)

2. Edit your Partition's Tomcat server configuration file to uncomment the JSS Persistent Manager definition, i.e., the lines that need to be uncommented from the server.xml are as follows: Please note that the attribute, maxIdleBackup="xxx", denotes "Automatic Session Storage" at a particular time interval.

3. Modify the "storeName" to have your chosen JSS factory name, i.e.,

You should either:

1. Set the storeName in the server.xml to an empty string

2. Set the storeName to the factory name you have given to your JSS using BES-Console. (Please note that the default name for the storeName is / if you leave it empty.)

4. Please make sure that i) you run your Java Session Storage (JSS) service within your local network so that OSAgent would be able to locate it, and ii) you define the JSS Persistent Manager in server.xml for each of your web apps (i.e., between each ... representing your web apps).

5. Please note that sharing HttpSessions via JSS is different from the Single Sign On (SSO) feature provided by BES, i.e., once you log in to one Web App, you can access other Web Apps without logging in again, provided you are using the SSO feature of our BES and you are leveraging our BES security implementations, WebContainer's Security (like form-based) or VisiSecure (JAAS). Please see Clarify Case # 572387 for the steps to enable SSO in your environment.

But if you have built a custom security module for your app, then our BES "Single Sign On" feature cannot be exploited. Your custom security module itself should take care of SSO in its own way; BES would have NO idea about security credentials created and managed by your custom module if you expect BES to allow single sign on. However, you can still go ahead exploiting the JSS feature of our BES in order to share the user sessions among web apps. Please understand that user security credentials are entirely different from user sessions (HttpSession).

To sum up,

* SSO allows multiple web apps to share the user security credentials, not the HttpSession of the user. (The SSO feature of our BES makes use of an in-memory database by default.)

* JSS allows you to persist the user session info (as an HttpSession object) to provide a fail-over feature.

* You can use the JSS feature to share the user session info between multiple web apps.

For further info:

* Setting up your Web Container with JSS: http://info.borland.com/techpubs/bes/v65/html_books/developersguide/loadfaultiiop.html#setting_web_contain_w_jss

* Configuring Session Storage Service: http://info.borland.com/techpubs/bes/v65/html_books/usersguide/partitionservices.html#config_session_props

* Description of Session Storage Service Properties: http://info.borland.com/techpubs/bes/v65/html_books/usersguide/partitionservices.html#session_service_properties

* Java Session Service (JSS) configuration: http://info.borland.com/techpubs/bes/v6/html_books/developersguide/jss.html

* Session Service (JSS) Properties: http://info.borland.com/techpubs/bes/v6/html_books/developersguide/listofproperties.html#jss

* Setting up your web container with JSS: http://info.borland.com/techpubs/bes/v6/html_books/developersguide/loadfaultiiop.html#setting_web_contain_w_jss

* Connecting Borland web containers to Java Session Service: http://info.borland.com/techpubs/bes/v6/html_books/developersguide/webcomponents.html#connecting_tomcat_to_jss

* Security for the Tomcat web container: http://info.borland.com/techpubs/bes/v6/html_books/securityguide/webcompnts.html#securing_your_tomcat_web_cont
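
A quick audit for step 4 ii) above, as an added example that is not from the original article or from BES: it parses a server.xml and reports, per web app, whether a persistent-manager store is defined (a commented-out definition counts as missing) and whether its storeName matches the JSS factory name. The Context/Manager/Store nesting is assumed from stock Tomcat; the PLACEHOLDER className values, the factory names and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element nesting is assumed from stock Tomcat; the
# className values are placeholders and the factory names are made up.
SAMPLE_SERVER_XML = """
<Server><Service><Engine><Host>
  <Context path="/shop">
    <Manager className="PLACEHOLDER" maxIdleBackup="30">
      <Store className="PLACEHOLDER" storeName="jss_demo"/>
    </Manager>
  </Context>
  <Context path="/billing">
    <Manager className="PLACEHOLDER">
      <Store className="PLACEHOLDER" storeName=""/>
    </Manager>
  </Context>
  <Context path="/reports">
    <Manager className="PLACEHOLDER" maxIdleBackup="30">
      <Store className="PLACEHOLDER" storeName="other_factory"/>
    </Manager>
  </Context>
  <Context path="/admin"/>
</Host></Engine></Service></Server>
"""

def audit_session_store(server_xml, factory_name):
    """Return {context path: finding} for every <Context> in server_xml."""
    findings = {}
    for ctx in ET.fromstring(server_xml).iter("Context"):
        path = ctx.get("path", "")
        store = ctx.find("Manager/Store")  # XML comments are dropped by the parser
        if store is None:
            findings[path] = "no Manager/Store defined: sessions are not stored in JSS"
            continue
        name = store.get("storeName", "")
        backup = ctx.find("Manager").get("maxIdleBackup")
        if name == "":
            findings[path] = "storeName empty: uses the default factory name"
        elif name != factory_name:
            findings[path] = f"storeName {name!r} does not match {factory_name!r}"
        elif backup is None:
            findings[path] = "ok, but maxIdleBackup is not set"
        else:
            findings[path] = "ok"
    return findings

if __name__ == "__main__":
    for path, finding in audit_session_store(SAMPLE_SERVER_XML, "jss_demo").items():
        print(f"{path:10} {finding}")
```

Running the same report against each Partition's server.xml also gives you the list of web apps that can read each other's session data, which is worth reviewing before an app that handles sensitive session attributes is added to a shared store.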


Old KB# 15513
