jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dominique Pfister <dominique.pfis...@day.com>
Subject Re: Adivce about session
Date Thu, 17 Mar 2005 13:09:05 GMT
Simon Gash wrote:
> If I could leave the 'session' object up and running on a web box
> servicing a huge number of requests I would be able to scale the
> solution (as all the caches are full of juicy data servicing millions of
> requests). The bit I don't understand is how, many users can utilize the
> same session without causing authorisation problems. 

I'm not sure whether I understand you correctly: are you talking about 
web users or JCR users? Every JCR session is tied to exactly one JCR 
user (the one passed to the Repository.login method). Of course, 
different users potentially have different authorisation settings and 
therefore letting one user access the caches of another violates 
authorisation. Just keep in mind that all caches I explained are purely 
session-specific and hence represent the selected workspace's view of 
that user's session.


View raw message