Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 49557 invoked from network); 18 Dec 2000 20:46:56 -0000 Received: from unknown (HELO exchange1.qsent.com) (63.125.1.19) by locus.apache.org with SMTP; 18 Dec 2000 20:46:56 -0000 Received: by exchange1.qsent.com with Internet Mail Service (5.5.2653.19) id ; Mon, 18 Dec 2000 12:46:01 -0800 Message-ID: From: Steven Newton To: "'tomcat-user@jakarta.apache.org'" Subject: RE: webapps are useless toys?! Date: Mon, 18 Dec 2000 12:46:01 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N > So assuming the site requires "single sign-on". And that there are > several segmentations of the site, each of which could > be handled by a different web-app: > > I'm getting the impression that I'm supposed to do some > kind of magic with the session cookie. Is it necessary > to persist all of the session data, to be shared between > web-apps, in the database? Or is there a trick for finding > the in-memory session data for another web-app? > A database would be necessary if you want the session information to persist across server shutdowns, but if you just want to share it amongst web apps there are alternatives. You could, for example, set up a JNDI context where all web apps needing access to particular session information could store and retrieve session variables. There's a number of ways to share session without going to a database solution. > What's the rationale behind this architecture? > Security, for one. Multiple web apps running in the same application server are isolated from running into each others' space. s