The test portlet stores a message in the portlet session (APPLICATION_SCOPE). It dispatches to a test servlet which tries to read and display this message: you can see whether this works when the servlet is included by the portlet jsp (this should always work), and when the servlet is opened in a new window (this is the bit which may not work).

Explanation

This is a much-discussed topic which has been explained with far more technical detail by many other people. Below I try to summarise the issue, but you may also wish to refer to:

• Cross Context Sessions & Pluto (pluto list), 8 Jan 2004, and a Tunneling workaround for Tomcat 4
• How to get Session in portlet (jetspeed-user list), 20 Jan 2005
• Wayne Holder: Session, Session who's got my Session?, Feb 02 2005
• Tomcat's emptySessionPath and Pluto's Portlet/Servlet session sharing (pluto list), 4 Feb 2005

The portlet specification allows portlets and servlets to be present in the same web application. The most common example use is a servlet which allows files or images to be retrieved and downloaded by the user. Portlets should be able to use servlets as back-end helpers: for example, a portlet may present a list of files, with links to the servlet which will open the file in a new browser window.

If all required parameters (e.g. file name) can be provided to the servlet in the URL (e.g. "/myapp/myservlet?file=image.gif"), this works without problems. However, if the servlet needs to access the current session, for example to retrieve user information or data to display, it may find that it 'sees' a different session to that seen by the portlet - despite the suggestion in the portlet specification that portlet APPLICATION_SCOPE session variables are available to both portlets and servlets. This anomaly is due to the servlet specification which requires sessions to be kept separate across web applications.

In fact, sessions are shared as you would expect from JSR168 when a servlet is embedded into the page as part of the portlet output - either in the portlet's doView() using code like getPortletContext().getRequestDispatcher(jspPath).include(request, response);, or in an included JSP using jsp:include.

However when the servlet is accessed directly, for example in an IFRAME or through a link opened in a new window, the exact behaviour is dependent on the J2EE application server being used:

• In Tomcat 5.0 and the default configuration of 5.5, servlets accessed directly do not share the portlet session.
• In Tomcat 5.5 configured with emptySessionPath="true", behaviour is the way that portlet developers probably want: sessions are shared even when the servlet is opened in an IFRAME or new window.