How web application request is handled by multiple servers by maintaing the same user session.?

Question

Want to know how a request is processed by multiple servers maintaining the same user session.

For example: We log-in to IRCTC and try to book a ticket. During payment IRCTC lists out multiple bank options with radio buttons for online transaction. Assuming that I decide to do transaction using CITI bank, when I click on CITI Bank radio button I am redirected to CITI Bank website transaction page i.e you will see URL is switched from IRCTC Website to CITI Bank URL. It means I am completely out of IRCTC and switched to CITI BANK website. Now when my payment transaction is completed, I am switched back to IRCTC website from CITI Bank website WITHOUT ENDING THE USER SESSION i.e when I am switched back from CITI bank URL to IRCTC after completing transaction the user session is maintained in logged-in state.

I would like to know how this works.

1. How a request is sent from IRCTC to CITI Bank website
2. How CITI Bank server receives details from IRCTC
3. How the same request comes back from CITI Bank to IRCTC i.e how servers are switched (from CITI bank to IRCTC)
4. How same user session is maintained between two different servers during communication i.e IRCTC will show user as logged-in user when request comes back from CITI Bank to IRCTC after payment transaction is complete. How does same user session maintained while switching between two servers ?

I am using Struts frame work. Kindly help me in this regard and implementing the same with some examples.

Assuming IRCTC using struts (Jsp/Servlets), which struts component takes the resposibility to send the details of IRCTC to Citi bank and recieve back detials form CITI bank to IRCTC. Is it possible using Requestdispacter.sendRedirect() OR somthing else ?

Thanks,

• Anand

Answer 1

There is something call Session Migration, where one LBS(Load Balancing Server) available to get multiple request and contact with multiple application server.And sometime one user request may be share for several server where multiple user requesting for same thing. Obviously the server where request will go must be free. then LBS takes 1st request and forward to a free server where session obj has created for that user. now 2nd request is forward to the 2nd server. But 2nd server want to share 1st user session Obj so that time we have to migrate from session 1 to session 2. It has two event which will occur passivated event and activated event. we have to use one Listener HttpSessionActivationListener and have to implements void sessionWillPasivate() and void sessionDidActivate()

Answer 2

There is NO session shared between IRCTC and CITI bank here. IRCTC makes request to CITI bank through form submit on CITI bank url and the payment amount and other things are sent as hidden parameter in that form (ofcourse, through secure mechanism, like with some hashcode of the values being sent).

After the payment is done successfully, citi bank does a form submit to IRCTC URL (return url given by IRCTC). with the details (like success/error) in hidden parameter. IRCTC processes that and show success/error screen.

Also, The session in you parent application is never killed in this case. The session could end through one of the following ways:

 1. Session time out
 2. Logout
 3. Application destroys the session

In this case, none of this happened and user session is still there in browser and application.

If the application has more than one servers, then the session is shared between them using session replication mechanism which servers provide.

Also, The web server request the same server (for a session id) and only calls another application server when the original server is not reachable, in that case session replication comes to the rescue of the user.

Answer 3

How can you say that user session is the same in both the servers?

I'm going to assume that you are talking about the payment gateway options and their functionality.

What generally happens is you send a web service call and redirect the user to a URL of the payment gateway, which will will deal with the transaction details.

Then the original bank receives the payment gateways web service response with the transaction details.

This flow varies slightly on different gateways though. However the most important thing is they will not be maintaining a session for you user in their servers, if they are maintaining a session at all then it will be for the IRCTC web site.

Answer 4

There is something called session replication. It is used in clusters to have all cluster nodes use the same session information. Read the linked site or other resources on how session replication works, if you're curious.

But the systems don't need to share a whole session object. In your case it looks like you're leaving one server and later come back without any special session treatment. The session was just never closed. As if you'd log in in to your favorite web mail site, then move to a completely different page and go back to your web mail site. The session is still there. You're still logged in.

So probably IRCTC site passes some information to the CITI bank site which is required for CITI to process the request along with a token (just a number in the simplest case). When CITI bank is done it calls a IRCTC server with the result code and the token. Using the token the IRCTC server can associate the result code with your session. Then CITI bank just redirects your browser to a IRCTC page. The server there has a updated session an can present you the next page in your order process.