tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Custom session tracking method?
Date Wed, 07 Apr 2004 12:54:36 GMT

The reason your approach feels ugly and fragile to you is because it IS
;)  Session-tracking is mandated by a couple of specs (J2EE, Servlet),
and tomcat implements it per the spec.  If you do something different,
you will very likely have misbehaving 3rd party libraries that rely on
proper session tracking behavior.

Since you're rewriting your CGI scripts as servlets, why not modify them
to not expect the session-num parameter, and instead get the session ID
via normal java code (request.getSession().getId())?  It's simpler,
standard, less code for you to write and test...

Please continue this discussion on the tomcat-user list, not tomcat-dev.

Yoav Shapira
Millennium Research Informatics

>-----Original Message-----
>From: Sandy McArthur []
>Sent: Tuesday, April 06, 2004 5:05 PM
>Subject: Custom session tracking method?
>Hi all,
>Is there a way to implement custom session tracking at the container
>I'm trying to figure out how to implement a custom session tracking
>method. I have a legacy client that interacts with a set of cgi scripts
>and I'd like to port those scripts to servlets. I'm running into a
>problem because the client passes session ids as a query parameter
>named 'session-num' (e.g.: /update?session-num=TOKEN). The client does
>not support cookies and there is no way to tell it use a JSESSIONID
>encoded in the path.
>I've followed the code as best as I can starting at
>org.apache.coyote.tomcat5.CoyoteAdapter parses the JSESSIONID from the
>request/cookies to where the org.apache.catalina.Manager fetches the
>org.apache.catalina.Session and I don't see anyway to directly override
>the session tracking behavior.
>The best idea I currently have is to use a Valve and a custom Manager
>and hope none of the Manager.{create,find}Session() methods are called
>before my Valve can parse the request and stuff the "session-num" in a
>ThreadLocal that Manager can use when returning a Session.
>That feels ugly and fragile to me. Does anyone have a better solution?
>Sandy McArthur

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message