tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kitching Simon <Simon.Kitch...@orange.ch>
Subject RE: Sharing session ids across web applications
Date Thu, 21 Sep 2000 15:24:32 GMT


> -----Original Message-----
> From:	Keith Kee [SMTP:keith@netsco.com]
> Sent:	Thursday, September 21, 2000 5:09 PM
> To:	tomcat-user@jakarta.apache.org
> Subject:	Sharing session ids across web applications
> 
> 
> Hi:
>   It seems like if I get different session ids across 2 web applications.
> I
> have a group of web applications which communicate to each other through
> session ids and requires them to be the same in order to work. How can I
> do
> that?
> 
> Thanks
> Keith
	[Kitching Simon]  
	As far as I can see, the short answer is that you can't.

	Session-ids are stored in cookies, and a sesion-cookie created in
one
	web application is "scoped" by the url prefix of that webapp, with
the
	effect that it will not be visible in the other.

	This makes sense, because otherwise unrelated webapps could
	interfere with each other's sessions. Webapps are normally assumed
	to be separate and unrelated.

	Are you sure that you can't combine the code into *one* webapp?
	If there is communication, then aren't they actually one
application?

	I *think* that the only way around this is modifying tomcat's
session-handling
	code to make the session-id cookie path "/" instead of
"/wepappname". Or
	writing your own session-handling code to do this. Of course, you
then have
	to watch out for any two webapps using the same session attribute
name when
	they really *didn't* want that attribute to be a shared one.

	Perhaps with tomcat3.2's (?) "session listener" feature, you could
catch the creation
	of session ids' and create your own cookie with path of "/" and the
same session key
	or something similar.

	All I can say is good luck!!

	(and all the above is subject to correction by those who know
better...)

	Regards,

	Simon

Mime
View raw message