tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shih Chang <sh...@lsil.com>
Subject Re: session sharing
Date Wed, 21 Feb 2001 03:32:03 GMT
Craig:

Thank you for your very helpful information.

Clark

"Craig R. McClanahan" wrote:

> Shih Chang wrote:
>
> > Hi! I am a new user of tomcat 3.2.1.
> > Although in the servlet API document mentions that
> > session object ties with the servletcontext, is there any
> > way in the tomcat that different web apps can share one
> > session information?
> >
>
> No.
>
> Even if you modified Tomcat's code to break this rule from the servlet
> specification, you would quickly run into class loading problems.
> Consider the following scenario:
>
> * Web App #1 creates a session attribute using
>   class Foo, which was loaded from the WEB-INF/classes
>   of that app
>
> * Web App #2 accesses this same session (through your
>   changes to Tomcat) and tries to access this attribute.
>   They will get a ClassNotFoundException, because the
>   WEB-INF/classes directory of Web App #1 is not visible
>   to the class loader for Web App #2.
>
> >
> > I think it is very common after a user login a web site, he/she
> > can access different apps under the web site without
> > logging in again.
> >
>
> This is something you can do without sharing sessions, as long as your
> servlet container supports "single sign on".  Tomcat 3.2 does not do
> this, but 4.0b1 does if you enable it.
>
> The basic idea is that your user has free rein of all the apps on the web
> site until they access a resource that is protected by a security
> constraint.  Once they do, they are challenged for username and password,
> and authenticated.  Now, the servlet container remembers that identity
> across web apps, so they will not need to log on again.
>
> >
> > THANKS!
> >
> > Clark
> >
>
> Craig McClanahan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-user-help@jakarta.apache.org


Mime
View raw message