Is session id meaning to another server?

Question

The HttpServletResponse#encodeRedirectURL adds the JSESSIONID (url-rewriting) for a redirect request.
I was wondering, this only makes sense if we redirect to another servlet within our web application, right?
Otherwise if we redirect to another server, how can the JSESSIONID we created in our server be of any use (meaningfull) to the other server?

Answer 1

In a Java EE the application container is responsible for session management and by default uses cookies.

This link Under what conditions is a JSESSIONID created? has a detailed explanation about the JSESSIONID and how it's created.

Refer also to this post http://javarevisited.blogspot.in/2012/08/what-is-jsessionid-in-j2ee-web.html

Answer 2

Say you have a cluster: several servers with the same set of applications deployed consistently (even a single application).

The JSESSIONID (be it in a cookie or encoded in the URL) set by one server can be useful to another server in that cluster if session clustering is enabled, so the same application on the other server can answer the user's request using her session data initially stored on the first server, or even complementing that same session data.

It's usually better to redirect to the same server as long as it's up, for data-locality, to limit the chatter in the cluster.

See

• JBoss
• Tomcat
• Terracotta
• etc.

Answer 3

You're right. The session ID is only meaningful for a given webapp. That's why the javadoc says:

Encodes the specified URL for use in the sendRedirect method or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL.

(emphasis mine)