cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Stevens" <>
Subject RE: Cocoon check session id
Date Thu, 27 Oct 2005 00:07:05 GMT
>From: "Angelo Immediata" <>
>Date: Wed, 26 Oct 2005 18:17:25 +0200
>Hi all. Is possible with cocoon check if a session id is still alive?
>I must unteract with another application; i pass to this application the 
>current user's session id; after some times the flow comes back to my 
>application and by using a web service it passes to me the session id; i 
>must check if this session id is still alive... is this possible? If so... 
>how can i do?

With difficulty, I believe.  I was looking into this earlier today with a 
colleague - at one time there was a HttpSessionContext class with methods 
getIds() and getSession(java.lang.String sessionId), which sounds like just 
the job.  However, it was deprecated in servlet 2.1 with no replacement (as 
a security precaution, I guess, to prevent e.g. a hacker uploading a JSP 
that lists the currently valid session IDs that might be hijacked).  The 
best alternative we've come up with so far is to write a HttpSessionListener 
(servlet 2.3+) that maintains a Set of current IDs (added in sessionCreated 
and removed by sessionDestroyed).  Store the Set instance in some singleton 
class (being careful of thread safety, of course), and a servlet (or web 
service in your case) could check it for any given ID.

>Moreover... i have also the id of the user that used the other application, 
>i must recover from the session all is data... can i search in a way 
>between all the session token the token i want?
>Yhanks to all.

Again, this doesn't seem to be encouraged for security reasons.  The above 
approach would still work if you use a Map rather than a Set, with the 
session ID as key and a javabean of the info you're interested in as the 

I'll leave it to you to figure out how you integrate any of this with your 
Cocoon-based stuff...


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message