Many sites choose cookie support to pass the user's identifier between WebSphere and the user. WebSphere Application Server session support generates a unique session ID for each user and returns this ID to the user's browser in a cookie. The default name for the session management cookie is JSESSIONID. See Figure 12-2.
A cookie is a small piece of information carried in the HTTP headers exchanged between the server and the browser (Set-Cookie on the response, Cookie on later requests), not in the HTML itself. The browser holds the cookie and returns it to the server whenever the user makes a subsequent request. By default, WebSphere defines its cookies so that they are discarded when the browser is closed. The cookie holds only a session identifier; the rest of the user's session information resides on the server.
The Web application developer uses the HTTP request object's standard interface to obtain the session:
HttpSession session = request.getSession(true);
WebSphere places the user's session identifier in the outbound Set-Cookie header when the servlet completes its execution and the HTML response returns to the end user. Neither the cookie nor the session ID within it requires any direct manipulation by the Web application; the application only sees the contents of the session. Because that ID is the only thing tying a request to the server-side session, anyone who obtains the cookie value can use the session, which is why the cookie settings below matter.
Be aware that some users, either by choice or by mandate, disable cookies in their browser, in which case cookie-based session tracking does not work for them.
Cookie settings
- Open the admin console.
- Open the session management properties for the application server, enterprise application or Web module. The steps here are for the application server.
- Go to Servers > Server Types > WebSphere application servers.
- Click on server1.
- You will come to the following page. Click on Session management from the left panel.
- Here you can check any or all of the three session tracking options, as shown in the following figure.
- If you would like to view or change the cookie settings, select the Enable cookies link.
- You will come to the following screen. Under Cookies you have the following attributes to set.
– Cookie name:
The cookie name for session management should be unique. The default cookie name is JSESSIONID, but the value can be configured for flexibility. Changing the name only avoids collisions with other cookies of the same name on the same domain; it does not make the session ID any harder to steal.
– Restrict cookies to HTTPS sessions:
Enabling this feature restricts the exchange of the session cookie to HTTPS connections. When it is enabled, the Set-Cookie header carries the Secure attribute, so the browser will not send the cookie on a plain HTTP request to the same host. Without it, a session ID issued over HTTPS is exposed in clear text the first time the browser follows a plain http:// link to the site.
– Cookie domain:
This value tells the browser which hosts may receive the cookie. If you specify a domain, the browser sends the session cookie to every host in that domain (for example, Domain=example.com covers both www.example.com and api.example.com). The default in the session manager sets no domain, which restricts the cookie to the host that sent it; leave it that way unless other hosts in the domain genuinely need to share the session.
– Cookie path:
The paths on the server to which the browser will send the session tracking cookie. Specify any string representing a path on the server; use the slash (/) to indicate the root directory. Specifying a value restricts the paths to which the cookie is sent, so you can keep the session cookie from reaching other URLs on the same server (for example, Path=/app keeps it away from /admin). If you specify the root directory, the cookie is sent no matter which path on the server is accessed.
– Cookie maximum age:
The amount of time that the cookie lives in the client browser. There are two choices:
• Expire at the end of the current browser session
• Expire at a configurable maximum age
If you choose the maximum age option, specify the age in seconds. A cookie with a maximum age is stored persistently by the browser and survives closing it, so the session ID outlives the user's visit; the default (end of browser session) is the safer choice for a session cookie.
- After making the required changes, click Apply or OK. You will come to the following screen.
- Click Save.
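The attributes above are easier to reason about against concrete URLs. What follows is an added example, not code from the original post or from WebSphere: it parses a Set-Cookie header the way a browser does and reports whether the JSESSIONID would be attached to a given request, applying the Secure, domain, path and maximum-age rules described above. The header strings and host names are constructed samples, and the session ID values are placeholders.

```python
# Added example (not code from the original post, nor WebSphere's own):
# a small model of how a browser scopes a session cookie, so the effect of
# the WebSphere cookie settings (Secure, domain, path, maximum age) can be
# checked against concrete request URLs. Header strings below are
# constructed samples; the session-ID values are placeholders.
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit


@dataclass
class SessionCookie:
    name: str
    value: str
    domain: str                     # host (or domain) that may receive the cookie
    host_only: bool                 # True when no Domain attribute was given
    path: str = "/"
    secure: bool = False
    max_age: Optional[int] = None   # None -> discarded when the browser closes


def parse_set_cookie(header: str, issuing_host: str) -> SessionCookie:
    """Parse one Set-Cookie header value as sent by the server."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = SessionCookie(name=name.strip(), value=value.strip(),
                           domain=issuing_host.lower(), host_only=True)
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            cookie.secure = True
        elif key == "domain" and val:
            # Domain=example.com widens the scope to every host under it
            cookie.domain = val.lstrip(".").lower()
            cookie.host_only = False
        elif key == "path" and val.startswith("/"):
            cookie.path = val
        elif key == "max-age":
            cookie.max_age = int(val)
    return cookie


def _domain_matches(cookie: SessionCookie, host: str) -> bool:
    host = host.lower()
    if cookie.host_only:
        return host == cookie.domain
    return host == cookie.domain or host.endswith("." + cookie.domain)


def _path_matches(cookie_path: str, request_path: str) -> bool:
    # RFC 6265 path matching: a prefix match that respects "/" boundaries,
    # so Path=/app covers /app and /app/x but not /application
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def would_send(cookie: SessionCookie, url: str) -> bool:
    """Would a browser attach this cookie to a request for `url`?"""
    u = urlsplit(url)
    if cookie.max_age is not None and cookie.max_age <= 0:
        return False                  # Max-Age=0 tells the browser to drop it
    if cookie.secure and u.scheme != "https":
        return False                  # Secure: never sent in clear text
    if not _domain_matches(cookie, u.hostname or ""):
        return False
    return _path_matches(cookie.path, u.path or "/")


def survives_browser_close(cookie: SessionCookie) -> bool:
    return cookie.max_age is not None and cookie.max_age > 0


def audit(cookie: SessionCookie) -> List[str]:
    """Findings a reviewer would raise about a session cookie's scope."""
    findings = []
    if not cookie.secure:
        findings.append("no Secure attribute: session ID can be sent over HTTP")
    if not cookie.host_only:
        findings.append(f"Domain={cookie.domain}: every host under it receives the session ID")
    if cookie.path == "/":
        findings.append("Path=/: every application on the host receives the session ID")
    if survives_browser_close(cookie):
        findings.append(f"Max-Age={cookie.max_age}: session ID persists after the browser closes")
    return findings


# Constructed samples: the WebSphere default shape, and the same cookie with
# the HTTPS-only and path restrictions from the settings page applied.
DEFAULT_HEADER = "JSESSIONID=0000PLACEHOLDERSESSIONID:-1; Path=/"
HARDENED_HEADER = "JSESSIONID=0000PLACEHOLDERSESSIONID:-1; Path=/app; Secure"

if __name__ == "__main__":
    for header in (DEFAULT_HEADER, HARDENED_HEADER):
        c = parse_set_cookie(header, "www.example.com")
        print(header)
        for url in ("http://www.example.com/app/x", "https://www.example.com/app/x",
                    "https://api.example.com/app/x", "https://www.example.com/other"):
            print("  ", url, "->", would_send(c, url))
        print("   findings:", audit(c))
```

Run it directly to compare the default cookie (Path=/, no Secure) with one restricted to HTTPS and /app; audit() lists the scope findings a reviewer would raise. The path restriction is a browser-side scoping rule, not an access control: it decides which URLs receive the cookie and nothing more.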
Can I restrict the cookie to certain applications in the same domain? Application X doesn't use cookies at all and I'm asked to disable this in WebSphere Application Server.
Can you tell me how to completely disable all the cookies for a WAS server on localhost?