Wednesday, April 15, 2009

HTTP-sessions and the Google App Engine/J - some implemention details

The Google App Engine/J environment gives you access to the standard Java mechanism for handling HTTP-sessions - namely the familiar HttpSession (javax.servlet.http.HttpSession).

The first thing to note about the GAE/J HttpSession is that by default you're only allowed read-access to the session.  If you want write to the session -- that is calling setAttribute(..., ...) -- you're required to setup session handling by adding <sessions-enabled>true</sessions-enabled> to your WEB-INF/appengine-web.xml.

Once you've enabled sessions you'll have HttpSession:s that behave like you're used to. Well, they behave like you're used to -- you can getAttribute(...) and you can setAttribute(..., ...) -- but behind behind the scenes there are a few implementation details to be aware of.

As described in a previous post two consecutive HTTP-requests sent by the same user to the same GAE/J-app may very well be served by two different JVM:s. An application developer would under normal circumstances assume that what he writes to the session in request N is available for retrieval from the session in request N+1 (assuming that the time between the two request is reasonably small). But in the case of GAE/J those two requests might be served by different JVM:s. Luckily, the GAE/J infrastructure makes sure that the session data is shared across all JVM:s serving your requests.

The sharing of HttpSession data is achieved by temporarily storing  your session data in the App Engine Datastore and memcache

After your servlet has processed the request and returned its reponse a serialized version of the HttpSession is stored in the App Engine Datastore and memcache. If subsequent requests are routed to other JVM:s this data will be read to re-create the HttpSession.

A Datastore entity of kind "_ah_SESSION" is created for each new HttpSession. The entity key is "_ahs" + session.getId(). Each _ah_SESSION entity has two properties "_values" and "_expires".

The "_values" property is simply the serialized byte[] representation of a HashMap that includes the the session data.

The "_expires" property is the absolute time-to-live of the HttpSession and is expressed in milliseconds since January 1, 1970 (Unix time expressed in milli-seconds). The default time-to-live is 24 hours, but can be configured by altering . The _expires field is updated each time the session is active (_expires = System.currentTimeMillis() + 24 * 60 * 60 * 1,000 = System.currentTimeMillis() + 86,400,000).

Automatic removal of expired ah_SESSION entities (_ah_SESSION:s where _expires < System.currentTimeMillis()) did not make it to the initial GAE/J release, but it's probably safe to assume that it will be fixed in an upcoming release.

I'm planning a follow-up blog post about the corresponding loading and retrieval of HttpSession data from the memcache.

This is what I've found out about GAE/J session handling so far - please leave a comment if you have any additions and/or corrections!
Posted by at 7:33 PM
Labels: , , , ,

10 comments:

  1. Hi!

    Thanks for this, I'm trying to do something big in GAE/J, and I was looking for infos about HttpSession implementation in GAE (on the docs it was only 1 paragraph, it's not enough for me :))

    So in general: you don't have to worry about anything? just putting and getting attributes? Or what is the level I need to worry about (But it's good to know that in the background, google works hard)
    ReplyDelete
  2. Hi Bálint! Thanks for your comment, and glad you found the blog!

    Yes, you should be able to use the session just as you're used to from a "normal" servlet container. You should be able to get and set session attributes just as you're used to!

    The heavy lifting -- distributing the sessions among all JVM:s serving the requests to your app -- is done behind the scenes.
    ReplyDelete
  3. Thanks for your answer! It helps me a lot, and it's good to know, that what's happening behind the scenes :)
    ReplyDelete
  4. Has anybody a snippet to show how to store something in session (in request N) and retreive it from session (in request N+1)
    My problem is that i want do this in a Grails app i deploy on GAE..and should forget session['name']=myObj
    Thanks in advance
    ReplyDelete
  5. I have a problem with HttpSession. It doesn't work correctly with GAE. I use classiq methods to store and retrieve objects sessions.
    I have activate the management inside web-appengine.xml with sessions-enabled tag

    When i want use objects in JSP, theses objects are null and i have an exception

    Is it a big bug of GAE version Java OR NOT ?
    ReplyDelete
  6. Hi I am also messing with the issue. I have set an attribute in session but cant able to get. And got NullPointerException on it. I have also enabled it in web-appengine.xml.

    Any help or idea... :(
    ReplyDelete
  7. Hi I also have a problem with session handling. When GAE tries to serialize the session i got an Exception

    java.io.NotSerializableException:
    com.google.apphosting.runtime.jetty.SessionManager

    As i understand this message it says: The sessions referes to a SessionManager which does not implements Serializable. But the implementation is from google (The force i not with me).

    I tried to get the error on the local system and serializing the session into a byte array after each "doPost" in my servlet. It also has a problem that the session manager is not serializeable. But if i step into a debugger and change the references to SessionManager to null, than serialization works. So it is not a problem of my objects.

    Any help?
    ReplyDelete
  8. Hi everyone!
    I have problems with session when i deploy my app. But locally everything works fine. It looks like that I can't set new session. I did everything as u wrote above, enabled session in appengine-web.xml ...
    Suggestions ?
    thank u
    ReplyDelete
  9. I’m currently writing a series of blogs about GEA in combination with sessions. I think some of the questions above will be answers with my experiences. Take a look at my blog at http://jvdkamp.wordpress.com/
    ReplyDelete
  10. make sure that every object written to the session implements java.io.Serializable.

    Otherwise it will work in dev mode but fail in prod.
    ReplyDelete

Subscribe to: Post Comments (Atom)