session ID format

[lozina]

Is there any standardization in the format of Session ID accross different web servers?

I'm seeing some Web Servers append server speicific information to the Session ID they generate, which may change over the life cycle of that web server. For example, Web Logic does something like:

Session ID!Primary Server Hash!Secondary Server Hash!Some Other Hash

So after the actual session ID are these tokens delimmited by exclamation mark, and I am not sure if that is Web Logic specific or not- maybe some servers actually have exclamation marks within the Session ID itself?

I ask because I need to cache things specific to a session (so key it by session id) but sometimes that session ID changes so I have to know how to truncate any of the junk like prmary/secondary server hash and make sure it works with any vendor (ie not WebLogic specific!)

 

[znaps]

Why does the Session change?

 

[lozina]

The session ID changes in my scenario because I have a bunch of servers working together in a cluster. When one server fails, any sessions on that server basically get replicated over to another server so the person holding the session can continue to browse and stay 'logged in' as if nothing happened. But some web servers append server information to the session ID, so when a server fails and the session gets transferred over to a different server then that server specific info in the session ID string changes.

edit: If you then compared the whole session ID string now to before the server crashed the strings will be different, because of that server specific info the web server appends and maintains. But if you parse the session ID string to get at the actual session ID and ignore the server-specific junk then my problem would be solved. The only question is, will this be vendor specific or is there some kind of standardization accross different vendors?

 

[kamper]

There would be no standardization. It wouldn't do you much good anyways because the session id is no good without the session data and to share the session data the servers have to be fairly tightly integrated.

I think most J2EE app servers are capable of clustering, but you have to set them up specifically to do it. When you do that you do not have to worry about maintaining session ids yourself (no app developper ever should have to). If you're talking about having servers from different vendors pick up after eachother I'd say it's not going to happen but I don't really know that.