Accessing the JSESSIONID from JSF
- by Frank Nimphius
The following code attempts to access and print the user
session ID from ADF Faces, using the session cookie that is automatically set
by the server and the Http Session object itself.
FacesContext fctx = FacesContext.getCurrentInstance();
ExternalContext ectx = fctx.getExternalContext();
HttpSession session = (HttpSession) ectx.getSession(false);
String sessionId = session.getId();
System.out.println("Session Id = "+ sessionId);
Cookie[] cookies =
((HttpServletRequest)ectx.getRequest()).getCookies();
//reset session string
sessionId = null;
if
(cookies != null) {
for (Cookie brezel : cookies) {
if (brezel.getName().equalsIgnoreCase("JSESSIONID")) {
sessionId = brezel.getValue();
break;
}
}
}
System.out.println("JSESSIONID cookie = "+sessionId);
Though apparently both approaches to the same thing, they
are different in the value they return and the condition under which they work.
The getId method, for example returns a session value as shown below
grLFTNzJhhnQTqVwxHMGl0WDZPGhZFl2m0JS5SyYVmZqvrfghFxy!-1834097692!1322120041091
Reading the cookie, returns a value like this
grLFTNzJhhnQTqVwxHMGl0WDZPGhZFl2m0JS5SyYVmZqvrfghFxy!-1834097692
Though both seem to be identical, the difference is within "!1322120041091" added to the id
when reading it directly from the Http Session object. Dependent on the use
case the session Id is looked up for, the difference may not be important.
Another difference however, is of importance. The cookie reading
only works if the session Id is added as a cookie to the request, which is
configurable for applications in the weblogic-application.xml file. If cookies are disabled,
then the server adds the session ID to the request URL (actually it appends it
to the end of the URI, so right after the view Id reference). In this case
however no cookie is set so that the lookup returns empty. In both cases
however, the getId variant works.
