tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "PREVOSTO, Laurent" <>
Subject RE : encodeURL / jsessionid
Date Thu, 26 Feb 2004 17:59:27 GMT

> De : Mike Curwen [] 
> Envoyé : jeudi 26 février 2004 00:25
> À : 'Tomcat Users List';
> Objet : RE: encodeURL / jsessionid
> No, sessions are not 'server' wide, they are scoped only to a 
> single user, of a single application.  I was looking up in 
> 'cross context' and 'single-sign-on' in the tomcat docs 
> (config docs for Context and Host, respectively), but they 
> don't appear to mention sharing a session.  Only the ability 
> to dispatch between apps, or to be challenged only once for Auth. 
> Anyone else have ideas ?  ( I think Session sharing is, 
> strictly speaking, against spec).

Yup, it used to be in the spec and implemented in j2ee container.
But it's now gone since considered to be "bad design".
You have no direct solution to share sessions between webapps.
You can only share data through an external DataSource both webapp are able
to read/write to (file, db, ejb, etc.) 
Or you consider this is the same application and you merge sources to build
a unique webapp...

Of course if your only concern is about sharing login validation, any sso
framework will do the job, tomcat provides one.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message