Why isn't getSession() returning the same session in subsequent requests distanced in short time periods?

Question

I am sending a $.getJSON (HTTP GET) request twice (with different data), one after another (lets say we have request1 and request2). I can see in the developer tool

Answer 1

Just store your cookie(with JESSIONID) in Client , when your send subsequent request to Server , put the stored cookie in your request header field and send, then you will get the same session in the server end.

CLIENT(IOS) store your cookie from response:

    NSHTTPURLResponse* httpURLReqponse = (NSHTTPURLResponse*) response;
    NSDictionary* allHeaders = [httpURLReqponse allHeaderFields];
    NSLog(@"Response Headers : %@ ", allHeaders);
    NSString* cookie = [allHeaders objectForKey: @"Set-Cookie"];
    DATA.cookies = cookie;      // Store the cookie

CLIENT(IOS) send your subsequent request with cookie:

// Put the stored cookie in your request header
[(NSMutableURLRequest*)request addValue: DATA.cookies forHTTPHeaderField:@"cookie"];
[NSURLConnection sendAsynchronousRequest: request queue:[NSOperationQueue mainQueue] completionHandler:nil];

Not only for IOS client . Then , in the server end , you will get the same session:

Server(JavaEE) GET HttpSession:

// Get the session, print its hashCode. You will find out that it's same as previous.
HttpSession session = ServletActionContext.getRequest().getSession();

Answer 2

I noticed that it happens when cookies are disabled in ...web.xml file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app error-url="">

    <context-root>/some-app</context-root>

    <class-loader delegate="true"/>

    <jsp-config>
        <property name="keepgenerated" value="true">
            <description>Keep a copy of the generated servlet class' java code.</description>
        </property>
    </jsp-config>

    <session-config>
        <session-properties>
            <property name="timeoutSeconds" value="600"/>
            <property name="enableCookies" value="false"/> 
        </session-properties>
    </session-config>

</glassfish-web-app>

It should be <property name="enableCookies" value="false"/> to retain session ID from the same connection.

Answer 3

it looks like the cookie JSESSIONID from the frist 2 requests (request1 and request2) come from the first time I visit the page (lets say there was a request0 sent to the server when it created this JSESSIONID).

This was not true. I have 2 applications deployed under the same domain on the same server. So when I was calling http://mydomain.com/app1/initpage the server created a session for app1 with id FD0D502635EEB67E3D36203E26CBB59A and sent this JSESSIONID in a cookie to the client. The client saved the cookie under the mydomain.com and the second time when I executed http://mydomain.com/app2/executeService, the client browser sent the JSESSIONID from the cookie in the request header. I received it on the server but this was not a session in the other app2.

This explains the fact that when I send the other two requests (request1' and request2') they have a sessionID created on the appropriate application.

Have a look more here:
Deploying multiple web apps in same server
Under what conditions is a JSESSIONID created?

As for the concrete answer to my question, it appears that you need to make the 1st request synchronized so you are always sure that you have the same session id in the following requests. The following requests after the 1st one, can be asynchronous though.