tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edson Alves Pereira <eapere...@panamericano.com.br>
Subject RE: Sharing session info between Tomcat and IIS
Date Thu, 27 Feb 2003 15:02:23 GMT
	Try to use cookies, if you between ASP and JSP.to share information
or you could the the URL like http://127.0.0.1/blah.jsp?login=edson

> ----------
> De: 	Schleimer, Ben[SMTP:bensch128@yahoo.com]
> Responder: 	Tomcat Users List
> Enviada: 	quinta-feira, 27 de fevereiro de 2003 11:19
> Para: 	Tomcat Users List
> Assunto: 	Sharing session info between Tomcat and IIS
> 
> Hi,
> 
>   I am working on a project which must  securely
> Timeout the user for security purposes. Unfortunately,
> all of the login/logout code has been written (not by
> me) in ASP. I really want to use Servlets for the
> project instead of ASP. I was thinking of storing the
> user's last access time in the backend DB and updating
> it everytime a user makes a request to Tomcat. But
> this requires a DB lookup every request. Is there a
> more direct way to communicate session info between
> IIS and Tomcat?
> 
> Thanks,
> Ben
> 
> --- Greg Speechley <greg@learnedsolutions.com> wrote:
> > Hi Yoav,
> > 
> > I was wondering why using sessions is unreliable for
> > tracking users who are
> > logged in, getting last accessed time, etc? I would
> > have thought that
> > storing all the current sessions in a Vector (or
> > some other data structure)
> > with a User object (storing all their relevant info)
> > bound to each session
> > would work well. What alternative would you suggest
> > because the situation
> > described by R.C.Nougain sounds very similar to what
> > we have where I work.
> > 
> > Cheers
> > Greg Speechley
> > 
> > -----Original Message-----
> > From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com]
> > Sent: Wednesday, 26 February 2003 12:46 AM
> > To: Tomcat Users List
> > Subject: RE: Tomcat 4.1.18 session objects
> > 
> > 
> > 
> > Howdy,
> > 
> > >Where can I find the changes list from Tomcat 4.0.x
> > to Tomcat 4.1.x.
> > 
> > Download any release of tomcat.  Explode the
> > distribution and you'll see a
> > bunch of release notes files, one for each labeled
> > release, detailing what's
> > new in that release.
> > 
> > >| For each user session I store the reference| to
> > the session in a Vector
> > >so that I
> > >| can tell what users are logged-in,
> > last-accessed-time etc. It was working
> > >fine
> > >| in Tomcat 4.0.4. But in Tomcat4.1.18 (perhaps due
> > to new specifications)
> > >session
> > >| objects are pooled (StandardSessionFactory) and
> > hence the references I
> > >| am storing in the Vector become useless across
> > the jsp page calls. I have
> > >a
> > >| thread that uses this Vector to clean up the
> > users that are timedout but
> > >since
> > >| the session refs in my Vector are useless I can
> > do nothing. Instead of
> > >| storing the refs if I store Session IDs then can
> > I get ref to a session
> > >from
> > >| JSP Server so that I can get the attributes I
> > have set in it. Please
> > >comment.
> > 
> > Since you only asked for comments... There is no new
> > specification regarding
> > http servlet sessions from tomcat 4.0 to 4.1.  It's
> > still the servlet spec
> > v2.3.
> > 
> > Your design is vulnerable to any changes in the
> > container session fa├žade
> > implementation.  Note that the container is not
> > required to provide you with
> > a session list per se.
> > 
> > I don't think using sessions to track who's logged
> > in and last-access-time
> > for resources is reliable.  But if you want to do it
> > that way, write an
> > HttpSessionListener.  It was created for these sort
> > of session tracking
> > things.  Move your vector into that listener.  Add a
> > reference each time a
> > session is created, remove it when a session is
> > destroyed.  Add whatever
> > other functionality you need to the listener.
> > 
> > Yoav Shapira
> > Millennium ChemInformatics
> > 
> > 
> > 
> > This e-mail, including any attachments, is a
> > confidential business
> > communication, and may contain information that is
> > confidential, proprietary
> > and/or privileged.  This e-mail is intended only for
> > the individual(s) to
> > whom it is addressed, and may not be saved, copied,
> > printed, disclosed or
> > used by anyone else.  If you are not the(an)
> > intended recipient, please
> > immediately delete this e-mail from your computer
> > system and notify the
> > sender.  Thank you.
> > 
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> > 
> > 
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> > 
> 
> 
> =====
> "The competent programmer is fully aware of the strictly limited size of
> his own skull; therefore he approaches the programming task in full
> humility, and among other things he avoids clever tricks like the plague"
> - Edsger Dijkstra
> 
> http://snow.prohosting.com/bensch
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message