Entering content frame

Background documentation SAP J2EE Engine Cookies Locate the document in its SAP Library structure

Session Cookie

The SAP J2EE Engine uses this type of cookie for session tracking.

The name of the SAP J2EE Engine session cookie is JSESSIONID (in accordance with the JavaÔ Servlet 2.3 Specification). The value of the JSESSIONID cookie must stick to the following mask:

[“(” + <string_value> + “)”] + “ID” + <integer_value> + “DB” + <double_value> + “End”

Note

If it is not compliant with this format, the cookie is ignored by the Web Container and is therefore not used for session tracking.

Session Cookie Attributes

The Web Container sets the following attributes when creating a session cookie by default:

·        Domain attribute – the value of this attribute must be a fully-qualified host name (FQHN). A fully-qualified host name means either the fully-qualified domain name of a host (that is, a complete domain name ending in a top-level domain such as .comor .org), or the numeric Internet Protocol (IP) address of a host. The SAP J2EE Engine Web Container sets a domain attribute using the host name from the client request. If it is an IP address, it sets the IP address for the domain attribute value. If it is a domain name of the type A.B.C, where B and C do not contain dots, it sets a domain attribute value of *.B.C. If the host is not fully-qualified domain name, the domain attribute is not set. The semantics of the value of the domain attribute is to specify a set of hosts to which the cookie must be sent.

·        Path attribute – this specifies the subset of URLs, to which this cookie applies. The SAP J2EE Engine Web Container sets the path attribute with value ”/” to the session cookie. Thus, the cookie applies to all Web applications on a given host. This value is also necessary to perform Single Sign-On for Web applications.

Application Cookie

This type of cookie is used by both the SAP Web Dispatcher and the J2EE Engine to perform load balancing of HTTP requests to distributed Web applications. The cookie has the following format:

·        Name – composed of the “saplb_” string and a string that represents a logon group. A logon group is defined by a set of J2EE instances with certain application aliases that are active on them.

·        Value –has the following format:

“(“ + <instance-id> + ”)” + <server-id>

where <instance-id>is either the value of the SAPMYNAME JVM parameter for the instance, or (if the above parameter is not set) the string “J2EE” + <java_dispatcher-id>; the <server-id> is the ID of the server process on which the requested application is running. The Web Dispatcher uses the instance ID part of the value to determine the J2EE instance to where the request is dispatched, whereas the corresponding Java dispatcher uses the server process ID part of the value to determine the correct server process to serve the request.

Application Cookie Default Attributes

·        Domain attribute – the same as for session cookies.

·        Path attribute – the value of this attribute is set to /<logon group>/, where <logon group> is the name of the logon group the target Web application runs within. This means that the application cookie is sent with requests for that particular logon group only.

Note

You can configure the attributes that the SAP J2EE Engine sets to the session and application cookies using the <cookie-config> element of the additional deployment descriptor of your Web applications. For more information on doing this, see Configuring the SAP J2EE Engine Cookies.

 

Leaving content frame