By default, the session management facility supports session scoping by web module in accordance with the Servlet 2.3 and later API specification. Only servlets in the same web module can access the data associated with a particular session. However, you can use the IBMApplicationSession object or the IBM® extension, shared session context, to share data outside of the web module scope.
The IBMApplicationSession object is a parent session object that can be retrieved by a web module’s session and can share session attributes across all of the web modules in a business-level application. The default scope of the business-level application is the enterprise application. The shared session context option extends the scope of the session attributes as well. Using the shared session context extension, there is only one session object for the entire business-level application or for the default enterprise application.
If you are using a shared session for a business-level application, then the class files for all objects placed in the session must exist in an isolated shared library and be common among all applications.
The benefit to using the IBMApplicationSession method is that each web module can maintain its own session as well as have a reference to the shared session.
If you’re migrating an application from a previous version of the product, the IBMApplicationSession method requires a change to the application logic of the application.
For enterprise applications on which this shared session context extension is enabled, the session management configuration on the web module inside the enterprise application is ignored. Then session management configuration defined on enterprise application is used if session management is overwritten at the enterprise application level. Otherwise, the session management configuration on the web container is used. If using multiple enterprise applications within a business-level application, the session management configuration must be common among all applications and web modules within this business-level application.
HttpSession listeners that are defined in all the web modules inside the business-level application or enterprise application are invoked for session events. The order of listener invocation is not guaranteed.Complete the following to share session data across the business-level application.