What's CookieSessionFilter?

SessionCookieFilter is a servlet filter which stores session data into the client cookie. It provides HttpSession interface. So any modification in your application is not necessary.

In using SessionCookieFilter, session replication becomes unnecessary for multiplexing of application servers. You'll be able to make and manage multiplexing environment more easily.



If you are using Maven, you can get CookieSessionFilter from the Maven repository which is provided by Project Amateras. Add the following fragment into your pom.xml.

    <name>Project Amateras Maven2 Repository</name>



Register CookieSessionFilter in web.xml as following:



Note the key is the Blowfish secret key. You have to modify it appropriately.

CookieSessionFilter has a following init parameters:

Name Description
cookieName The cookie name which is stored session data. The default is 'session-cookie'.
cookiePath The cookie path for the session cookie. The filter sets no path by default.
cookieDomain The cookie domain for the session cookie. The filter sets no domain by default.
cipher (required) The class name of cipher which encrypts cookie values. CookieSessionFilter contains an implementation 'jp.sf.amateras.cookiesession.cipher.BlowfishCipher'.
encoder The class name of encoder which encodes session attributes as the string and decode it. The default is 'jp.sf.amateras.cookiesession.encoder.BinaryEncoder'. CookieSessionFilter also contains 'jp.sf.amateras.cookiesession.encoder.JSONEncoder' which serializes as the JSON string.
key The secret key for BlowfishCipher. When you specify BlowfishCipher as cipher, this parameter is required.
cookieSize The max byte size of value per a cookie. If encryped session data size exceeds this value, it throws CookieSessionException.
listeners The class name of HttpSessionAttributeListener implementation. You can specify two or more listeners by comma separation.
timeout Interval of session timeout (minutes).


  • Suitable logging
  • session-attributes persistence using memcached instead of Cookie. It means the persistence layer should become pluggable.