HttpSessionListener.sessionCreated() not called if a websocket triggers new session?

Jeremy Jackson

unread,

Apr 5, 2023, 9:47:45 AM4/5/23

to WildFly

It seems undertow websocket servers create an HttpSession, but don't call HttpSessionListener.sessionCreated(), while Servlets do, does this seem right?

Paul Ferraro

unread,

Apr 5, 2023, 4:51:53 PM4/5/23

to WildFly

Web sockets should not force creation of an HttpSession, but will use it (if it already exists) to store references to the active web socket channels.

See: https://github.com/undertow-io/undertow/blob/master/websockets-jsr/src/main/java/io/undertow/websockets/jsr/JsrWebSocketFilter.java#L132

Jeremy Jackson

unread,

Apr 5, 2023, 5:21:33 PM4/5/23

to WildFly

Example of creating an HttpSession for a websocket when it is the initial connection:

https://stackoverflow.com/questions/20240591/websocket-httpsession-returns-null

public class GetHttpSessionConfigurator extends ServerEndpointConfig.Configurator { @Override public void modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response) { HttpSession httpSession = (HttpSession)request.getHttpSession(); config.getUserProperties().put(HttpSession.class.getName(),httpSession); } }

and indeed this "restores" what I had assumed was the default behavoiur, including setting the browser cookie

JSESSIONID in the response of a websocket with no existing session, creating a new HttpSession, calling sessionCreated() etc

so, problem solved

Reply all

Reply to author

Forward