tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kenneth topp <cau...@prodigy.net>
Subject RE: Sharing sessions across contexts?
Date Mon, 09 Oct 2000 16:20:58 GMT

On Sun, 8 Oct 2000, Keith Kee wrote:

> Actually, it is quite different. The session id is a cookie kept at the
> server side, not the client side that you have describe.

I don't think I mentioned session id.  I was trying to describe the way
http authentication works.  Which, I maintain, has many properties like a
cookie.

Kenneth Topp



> 
> > -----Original Message-----
> > From: kenneth topp [mailto:caught@prodigy.net]
> > Sent: Friday, October 06, 2000 9:55 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: Sharing sessions across contexts?
> >
> >
> >
> > On Fri, 6 Oct 2000, Raimee wrote:
> >
> > > When you say the user id is propogated accross all webapps, I infer
> > > that it should be availible to a servlet in any context. Though, I'm
> > > not certain how
> > >
> > > a servlet would obtain it; if it can't be bound to a session. Now,
> > > when you say that servlets running in different contexts can be
> > > 'combined' into a single context - from the point of view of the
> > > servlet container - you've lost me. Am I to infer
> >
> > yes, it likely uses basic authentication (the web browsers popup).  This
> > is essential a politically correct cookie, that requires the users
> > initial input..  It also has the limitation of one URL host only.. it can
> > be further restricted by a "realm" but you cannot use it two website urls:
> >
> >   my.example.com and www.example.com
> >
> > >
> > > that a Webapp can span multiple contexts? How is this achieved?
> > > Obviously I don't know anything about Ant. And that's probably where I
> > > am going to look next.
> >
> > ant?  oh, trying to dig into 4.x? heh.
> >
> > >
> > > However, I have essentially an identicle problem: I require 'single
> > > sign on' support for two seperate webapps, and I must be able to
> > > access the userId from servlets in either context, once again, I'm not
> > > sure how that is achieved.
> >
> > Perhaps some clarification should be made, are these separate webapps at
> > different host urls?  if they are your only choice is interceptor/valve,
> > and setting a cookie (that is if they are under the same example.com
> > domain).  If they aren't you can still do it, but it would be more
> > complex.
> >
> > > It seems that it's time to upgrade to Tomcat 4.x. Last time I checked
> > > however the DBRealm feature was tagged as Experimental. An attractive
> > > feature that would integrate nicely esspetially for the single sign on
> > > requirement.
> >
> > Yeah, but I don't think this technology is anything more then what apache
> > can do for you with a more stable 3.x.  Then again, any custom
> > authentication code wouldn't be java ;)
> >
> > Kenneth Topp
> >
> > >
> > > Raimee
> > >
> >
> >
> 


Mime
View raw message