tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Kee" <ke...@netsco.com>
Subject RE: Sharing sessions across contexts?
Date Mon, 09 Oct 2000 00:47:49 GMT
Actually, it is quite different. The session id is a cookie kept at the
server side, not the client side that you have describe.

> -----Original Message-----
> From: kenneth topp [mailto:caught@prodigy.net]
> Sent: Friday, October 06, 2000 9:55 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: Sharing sessions across contexts?
>
>
>
> On Fri, 6 Oct 2000, Raimee wrote:
>
> > When you say the user id is propogated accross all webapps, I infer
> > that it should be availible to a servlet in any context. Though, I'm
> > not certain how
> >
> > a servlet would obtain it; if it can't be bound to a session. Now,
> > when you say that servlets running in different contexts can be
> > 'combined' into a single context - from the point of view of the
> > servlet container - you've lost me. Am I to infer
>
> yes, it likely uses basic authentication (the web browsers popup).  This
> is essential a politically correct cookie, that requires the users
> initial input..  It also has the limitation of one URL host only.. it can
> be further restricted by a "realm" but you cannot use it two website urls:
>
>   my.example.com and www.example.com
>
> >
> > that a Webapp can span multiple contexts? How is this achieved?
> > Obviously I don't know anything about Ant. And that's probably where I
> > am going to look next.
>
> ant?  oh, trying to dig into 4.x? heh.
>
> >
> > However, I have essentially an identicle problem: I require 'single
> > sign on' support for two seperate webapps, and I must be able to
> > access the userId from servlets in either context, once again, I'm not
> > sure how that is achieved.
>
> Perhaps some clarification should be made, are these separate webapps at
> different host urls?  if they are your only choice is interceptor/valve,
> and setting a cookie (that is if they are under the same example.com
> domain).  If they aren't you can still do it, but it would be more
> complex.
>
> > It seems that it's time to upgrade to Tomcat 4.x. Last time I checked
> > however the DBRealm feature was tagged as Experimental. An attractive
> > feature that would integrate nicely esspetially for the single sign on
> > requirement.
>
> Yeah, but I don't think this technology is anything more then what apache
> can do for you with a more stable 3.x.  Then again, any custom
> authentication code wouldn't be java ;)
>
> Kenneth Topp
>
> >
> > Raimee
> >
>
>


Mime
View raw message