tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Lintner" <>
Subject RE: Sharing session ids across web applications
Date Tue, 26 Sep 2000 17:21:52 GMT
I thought I needed to do this but decided it wasnt necessary when I thought it through carefully.

However I was going to try storing the session id string  from session.getId() , an appid
and possibly an ip address in a database 
on the server with say username as the key. That way you can control how many apps and which
ones might
share the session on one machine or on multiple machines When the app comes up it checks if
there is a sessionid 
associated with the appropriate key. If not it creates it and stuffs it in the database. This
session id is 
back to the first app and gets passed to the server with every invocation. Of course the next
app does 
the same thing and finding the sessionid there sets it in the response header with the label
(same as with the first app) and passes it back to the app. The app retrieves it and uses
it when invoking
the server. depending on what you wanted to do maybe reference counting  might be necessary
but for 2 
apps it 'seems' straight forward. Just a thought though, I havent tried it.

*********** REPLY SEPARATOR  ***********

On 9/21/2000 at 5:24 PM Kitching Simon wrote:

>> -----Original Message-----
>> From:	Keith Kee []
>> Sent:	Thursday, September 21, 2000 5:09 PM
>> To:
>> Subject:	Sharing session ids across web applications
>> Hi:
>>   It seems like if I get different session ids across 2 web applications.
>> I
>> have a group of web applications which communicate to each other through
>> session ids and requires them to be the same in order to work. How can I
>> do
>> that?
>> Thanks
>> Keith
>	[Kitching Simon]  
>	As far as I can see, the short answer is that you can't.
>	Session-ids are stored in cookies, and a sesion-cookie created in
>	web application is "scoped" by the url prefix of that webapp, with
>	effect that it will not be visible in the other.
>	This makes sense, because otherwise unrelated webapps could
>	interfere with each other's sessions. Webapps are normally assumed
>	to be separate and unrelated.
>	Are you sure that you can't combine the code into *one* webapp?
>	If there is communication, then aren't they actually one
>	I *think* that the only way around this is modifying tomcat's
>	code to make the session-id cookie path "/" instead of
>"/wepappname". Or
>	writing your own session-handling code to do this. Of course, you
>then have
>	to watch out for any two webapps using the same session attribute
>name when
>	they really *didn't* want that attribute to be a shared one.
>	Perhaps with tomcat3.2's (?) "session listener" feature, you could
>catch the creation
>	of session ids' and create your own cookie with path of "/" and the
>same session key
>	or something similar.
>	All I can say is good luck!!
>	(and all the above is subject to correction by those who know
>	Regards,
>	Simon

View raw message