X

The blog for hints & tips about Oracle Application Development Framework and Mobile Application Framework

  • ADFv
    November 24, 2011

Accessing the JSESSIONID from JSF

Frank Nimphius
Master Principal Product Manager

The following code attempts to access and print the user
session ID from ADF Faces, using the session cookie that is automatically set
by the server and the Http Session object itself.

FacesContext fctx = FacesContext.getCurrentInstance();
ExternalContext ectx = fctx.getExternalContext();
HttpSession session = (HttpSession) ectx.getSession(false);
String sessionId = session.getId(); 
System.out.println("Session Id = "+ sessionId);
Cookie[] cookies = ((HttpServletRequest)ectx.getRequest()).getCookies(); 
//reset session string
sessionId = null;

if

(cookies != null) {for (Cookie brezel : cookies) {    if (brezel.getName().equalsIgnoreCase("JSESSIONID")) {
       sessionId = brezel.getValue();
       break
;
     }

  }
}

System.out.println("JSESSIONID cookie = "+sessionId);

Though apparently both approaches to the same thing, they
are different in the value they return and the condition under which they work.
The getId method, for example returns a session value as shown below

grLFTNzJhhnQTqVwxHMGl0WDZPGhZFl2m0JS5SyYVmZqvrfghFxy!-1834097692!1322120041091

Reading the cookie, returns a value like this

grLFTNzJhhnQTqVwxHMGl0WDZPGhZFl2m0JS5SyYVmZqvrfghFxy!-1834097692

Though both seem to be identical, the difference is within "!1322120041091" added to the id
when reading it directly from the Http Session object. Dependent on the use
case the session Id is looked up for, the difference may not be important.

Another difference however, is of importance. The cookie reading
only works if the session Id is added as a cookie to the request, which is
configurable for applications in the weblogic-application.xml file. If cookies are disabled,
then the server adds the session ID to the request URL (actually it appends it
to the end of the URI, so right after the view Id reference). In this case
however no cookie is set so that the lookup returns empty. In both cases
however, the getId variant works.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.