httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Hilton <>
Subject Re: [users@httpd] Apache with mod_jk2 - Sessions/Cookies etc.
Date Wed, 09 Feb 2005 14:26:54 GMT
On 2/8/05 10:29 PM, "Marian D Marinov" <> wrote:

> [cut]
>> The question has arisen from the developer about sessions, coolkies etc and
>> how the PHP application and the Java can easily share information.  It
>> would be preferable if we could simply control access to the Java app based
>> upon the existence of a particular cookie, at the Apache httpd level, using
>> htaccess or something similar.
> [cut]
> The best practice for this is to use the same session_name cookie in the two
> apps. And to store session data into database. If it is not possible to use
> database as storage you will need to have access to session storage files
> from both apps. The only problem is that PHP Session values are serialized in
> different way than Java's.
> Using only apache you will face big security issue here. You can easy
> compromise your session information if you don't use strong security checks.
> Regards
> M.Marinov

I would also suggest using a database for storing session. It seems more
elegant to keep all the nuts and bolts of the application contained in the
application, rather than pawning the responsibility of a major piece like
session handling off to an external mechanism.

To help with the cross-language barrier, I would suggest utilizing a
technology like WDDX (XML based technology) for passing data between the
languages. It was developed specifically for this task.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message