tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mika Goeckel" <mika.goec...@gmx.de>
Subject Re: How to receive Session Manager from servlet?
Date Tue, 15 Jan 2002 12:43:50 GMT
I think that is a matter of security. Once it has access to the
SessionManager, your servlet has access to other servlets sessions as well.
That's one reason for the SessionFacade being in place.
The benefit from Tomcat being open source is, that you actually can add a
getSessionManager() to the facade if you can't get away without it.

Mika

----- Original Message -----
From: "Oto Buchta" <tapik@neo.cz>
To: <tomcat-user@jakarta.apache.org>
Cc: <tomcat-dev@jakarta.apache.org>
Sent: Tuesday, January 15, 2002 1:39 PM
Subject: How to receive Session Manager from servlet?


Hi,
I'm revriting the application from the JSDK2.0 to current Tomcat and I found
a very big problem - HttpSessionContext.getIds() is deprecated. It's clear
why, but it brings a critical problem for me.

I've found (in tomcat javadoc), that the
org.apache.catalina.Session.getManager().findSessions() should help me, but
I
cannot find the way how to use the getManager() method, because
request.getSession() returns StandardSessionFacade instead of the
StandardSession, which implements the interface org.apache.catalina.Session.

And my question is this: Could I receive the manager in another way than
rewritting the facade by changing private session to public?

Thanks very much,
--
Oto 'tapik' Buchta

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message