Session management involves passing the session ID, sub-session
ID (if applicable), and session context instance ID from the application
presentation layer to the application logic layer. This enables the
application logic layer to chain the process context to the session
context and makes the session data available to the process. The following
steps describe how the presentation layer supports sessions when the
presentation and application logic layers are running on WebSphere®. If they are not, the work area
is not available and the application presentation layer passes the
session ID in the logon process invocation instead.
To avoid complexity, the steps treat the presentation layer, Business
layer, and CHA as black boxes and concentrates on the interaction
between them. Note that if the requests are running under a sub-session,
the steps remain the same. The only difference is that the work area
or process request must contain the ID of the session and the sub-session.
The steps also assume that cookies are enabled so that the WebSphere Application Server
is performing session management. See Session management without cookies
for information how sessions can be managed without using cookies.
When a user logs on using the default logon process, the following
happens:
- A user enters a URL in a browser. This sends an HTTPRequest through
the CSEstablishSessionServlet.
- The application presentation layer creates an HTTPSession.
- The application presentation layer displays the logon page.
- The user submits the logon request.
- The application presentation layer starts a work area and stores
the session information in it.
- The application presentation layer launches the logon
procedure and waits for a response.
- In the application logic layer, logon function retrieves
the session ID from the work area.
- The logon procedure creates the logon context, and
chains it to the root context.
- The logon procedure validates the logon information
and removes the logon context. If the logon information is valid,
the logon procedure will create the session context and chain it to
the root context.
- The logon procedure returns session context instance
ID to the presentation layer.
- The application presentation layer ends the work area.
After the user logs on, the toolkit handles the user's
subsequent requests in the following way:
- The user sends a request to the application presentation layer.
- The application presentation layer starts a work area and stores
the session information in it.
- The application presentation layer launches the corresponding
business component and waits for a response.
- In the application logic layer, the BTT framework
retrieves the session ID from the work area.
- User uses the BTT framework to create the process
context. User can chain this process context to the session context.
- The Business logic layer creates a response, which
includes the session context instance ID (optional).
- The business logic layer sends the response to the
application presentation layer.
- The presentation layer updates the session entry
in session table if the session context was changed.
- The application presentation layer ends the work area.
When the user submits a logoff request, the application
presentation layer adds the additional steps of sending a cleanup
request to the application logic layer, invalidating the HTTPSession.
The cleanup request cleans up the session on the application logic
layer. That is, the CHA removes the session context from the CHA hierarchy
and the business logic layer performs any other additional logic needed
to cleanup the session.