This document explains the process of configuring an application-based custom session identifier for Documentum Web Development Kit-based applications.
White Paper: Configuring a Customized Session Identifier in Documentum Web Development Kit-based Web Applications
1. White Paper
CONFIGURING A CUSTOMIZED SESSION
IDENTIFIER IN AN EMC® DOCUMENTUM® WEB
DEVELOPMENT KIT-BASED WEB APPLICATIONS
Abstract
This document explains the process of configuring an
application-based custom session identifier for Documentum
Web Development Kit-based applications.
June 2012
3. Table of Contents
Executive summary.................................................................................................. 4
Audience ............................................................................................................................ 4
Introduction ............................................................................................................ 4
Configuring the Custom Session Identifier in a WDK-based Client Application ........... 5
Webtop application........................................................................................................ 5
TaskSpace application ................................................................................................... 6
Other WDK-based applications....................................................................................... 7
Configuring the Custom Session Identifier on the Application Server......................... 7
Configuring the custom session identifier on the WebLogic application server ................... 7
Configuring the custom session identifier on the IBM WebSphere application server ......... 8
Configuring the CookiePath on the WebLogic application server......................................... 9
To avoid concurrent session timeout errors: ................................................................... 9
Conclusion.............................................................................................................. 9
Configuring a customized session identifier in an Documentum Web
Development Kit-based web applications 3
4. Executive summary
This white paper explains the end-to-end configuration settings required for
configuring the customized session identifier instead of using JSESSIONID. This white
paper is intended to explain the configuration settings of Documentum Web
Development Kit-based applications to support custom session identifiers specified
in the application servers. This paper also explains how you can use configuration
settings to configure a custom session identifier in WDK-based client applications
instead of using JSESSIONID.
As part of the effort to improve and enhance the performance and capabilities of its
product line, EMC, from time to time releases revisions of its hardware and software.
Therefore, some functions described in this guide may not be supported by all
revisions of the software or hardware currently in use. For the most up-to-date
information on product features, refer to your product Release Notes document.
If a product does not function properly or does not function as described in this
document, please contact your EMC representative.
Note: We vouch that the content in this document is accurate at the time of
publication. However, as information is added, new versions of this document may be
released to the EMC online support website. Check the website to ensure that you are
using the latest version of this document.
Audience
This white paper is intended for personnel who are responsible for the configuration
and administration of the application server production environment with regard to
WDK-based client applications. This document is intended for internal EMC
personnel, partners, and customers.
Introduction
As per the policy of one of the customers of EMC, every web application must have an
alternative session identifier besides the default JSESSIONID session identifier.
Perhaps this customer uses other applications in the infrastructure to enforce security
restrictions where a request must have a specific session identifier. In this case,
customers can set the customized session identifier to applicationname_sessionid
or to any other value based on the customer’s business needs, instead of using
JSESSIONID.
The requirement to use an alternative session identifier is not restricted only to the
Webtop application. It can be used in other WDK-based applications also. This
document is authorized for version 6.7 of Documentum products. This feature has
been implemented in version 6.7 of Documentum WDK-based products.
WDK-based applications can use the custom session identifier instead of using
JSESSIONID. By default, WDK-based applications use the jsessionid as a session
identifier.
Configuring a customized session identifier in an Documentum Web
Development Kit-based web applications 4
5. Perform the following steps at the WDK-based application and application server
levels to specify the custom session identifier:
Configuring the custom session identifier in WDK-based application
Configuring the custom session identifier in application server
Specify the same customized session identifier at the WDK-based application and the
application server levels.
Configuring the Custom Session Identifier in a WDK-based Client
Application
Modify the application-related app.xml file as follows to configure the custom session
identifier for the relevant WDK-based application.
Webtop application
1. Modify the <app-root>/wdk/app.xml file. The <app-root> folder is the application
root folder where the Webtop application is installed or deployed.
2. Configure the custom session identifier value in the <http_session_identifier> tag
in the <session-config> section element. If the <http_session_identifier> tag does
not contain a value, the application will use the default session identifier,
JSESSIONID.
<application>
……………………………………….
……………………………………….
<session_config>
……………………………
……………………………
<!-- Configurable session identifier instead of
JSESSIONID (default value) (Has to be the same
as in app server container) -->
<http_session_identifier></http_session_identifier>
</session_config>
………………………………………
………………………………………
</application>
If the application uses the webtop_sessionID custom session identifier instead of
the JSESSIONID session identifier, you must specify the custom session identifier
value in the <http_session_identifier> tag in the <session-config> element.
You must specify the same session identifier value in the application server
container also.
Configuring a customized session identifier in an Documentum Web
Development Kit-based web applications 5
6. <application>
……………………………………….
……………………………………….
<session_config>
……………………………
……………………………
<!-- Configurable session identifier instead of
JSESSIONID (default value) (Has to be the same
as in app server container) -->
<http_session_identifier>
webtop_sessionID
</http_session_identifier>
</session_config>
………………………………………
………………………………………
</application>
TaskSpace application
1. Modify the <app-root>/taskspace/app.xml file. The <app-root> folder is the
application root folder where the TaskSpace application is installed or deployed.
2. You must configure the custom session identifier value in the
<http_session_identifier> tags under the <session-config> section element.
3. If the <http_session_identifier> tag does not contain a value, the TaskSpace
application will use the default JSESSIONID session identifier.
4. If the TaskSpace application does not have the <http_session_identifier> element,
you must explicitly add this tag under the <session-config> element.
<application>
……………………………………….
……………………………………….
<session_config>
……………………………
……………………………
<!-- Configurable session identifier instead of
JSESSIONID (default value) (Has to be the same
as in app server container) -->
<http_session_identifier></http_session_identifier>
</session_config>
………………………………………
………………………………………
Configuring a customized session identifier in an Documentum Web
Development Kit-based web applications 6
7. </application>
If the application wants to use the custom session identifier as
taskspace_sessionID instead of the JSESSIONID session identifier, you must
specify this value in the <http_session_identifier> tag under the <session-config>
element.
You must specify the same session identifier in the application server container.
The same we will cover in the next section.
<application>
……………………………………….
……………………………………….
<session_config>
……………………………
……………………………
<!-- Configurable session identifier instead of
JSESSIONID (default value) (Has to be the same
as in app server container) -->
<http_session_identifier>
taskspace_sessionID
</http_session_identifier>
</session_config>
………………………………………
………………………………………
</application>
Other WDK-based applications
For other WDK-based such as Web Publisher, Digital Asset Manager and so on, modify
the application-related app.xml file to specify the <http_session_identifier> value
under the <session-config> element to support the custom session identifier.
Configuring the Custom Session Identifier on the Application
Server
You must specify the same custom session identifier configured in the WDK-based
application at the application server level to reflect the altered session identifier in
the WDK-based application.
This section discussed the process of configuring the custom session identifier on the
WebLogic and WebSphere application servers.
Configuring the custom session identifier on the WebLogic application server
You must configure the custom session identifier configured in the WDK-based
application app.xml file, in the weblogic.xml file.
Configuring a customized session identifier in an Documentum Web
Development Kit-based web applications 7
8. The weblogic.xml file is available here: <app-root>/WEB-INF/weblogic.xml. The <app-
root> folder is the application root location where the WDK-based application is
installed or deployed.
<weblogic-web-app>
……………………………………….
……………………………………….
<session-descriptor>
<session-param>
<param-name>CookieName</param-name>
<param-value> webtop_sessionID </param-value>
</session-param>
</session-descriptor>
…………………………………………………….
……………………………………………………
</weblogic-web-app>
Configuring the custom session identifier on the IBM WebSphere application
server
If you are using the WebSphere application server, specify the
SessionRewriteIndentifier property to configure the custom session identifier. The
SessionRewriteIdentifier property is used to support the application server using a
different session identifier other than the JSESSIONID session identifier.
You can specify additional settings for session management by setting custom
properties.
The following steps enable you to set custom properties for session management.
You must create the SessionRewriteIndentifier custom property, and set its value as
webtop_sessionID. The webtop_sessionID custom session identifier is created for the
WDK-based application instead of the JSESSIONID session identifier.
To configure a custom session identifier on the IBM WebSphere application server:
1. In the administrative console select Servers > Application Servers > server_name >
Web Container Settings > Web container.
2. Under Additional Properties select Custom Properties.
3. Click New.
4. Enter the property to configure in the Name field (SessionRewriteIndentifier) and
the value in the Value field (webtop_sessionID).
5. Click Apply or OK.
6. Click Save to save the configuration changes.
7. Restart the server.
Configuring a customized session identifier in an Documentum Web
Development Kit-based web applications 8
9. Configuring the CookiePath on the WebLogic application server
The WebLogic application server inserts the "/" character by default, as the cookie
path for the session tracking cookie. If you run two web applications on the same IP
address, you must set the correct cookie path in both web application configurations
to ensure that neither of the applications interferes with the cookies.
Example
You open two applications, Documentum Webtop and Documentum Administrator in
two separate browser instances, and log in to each application. The Session timeout
message is displayed in the first application into which you logged in. You cannot log
in to two WDK-based applications concurrently, although they are invoked in separate
browser windows.
To avoid concurrent session timeout errors:
Make sure that the cookie path is set for all your applications.
For example, add the following configuration settings in <app-rrot>/WEB-
INF/weblogic.xml for Webtop and all other WDK-based client applications:
<weblogic-web-app>
<description>Weblogic Webapp</description>
<session-descriptor>
<session-param>
<param-name>CookiePath</param-name>
<param-value>/<app-root> </param-value>
</session-param>
</session-descriptor>
</weblogic-web-app>
Note: The WDK-based application such as Digital Asset Manager, Webtop, or
TaskSpace is installed or deployed in the <app-root> application root location.
Conclusion
This white paper provides information about configuring a customized session
identifier instead of the JSESSIONID for WDK-based applications such as Webtop and
TaskSpace.
This white paper also provides instructions to set the same session identifier in the
WebLogic application server and WebSphere application server to reflect the altered
session identifier in the WDK-based application.
Configuring a customized session identifier in an Documentum Web
Development Kit-based web applications 9