tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Jaynes <justinjay...@yahoo.com>
Subject Re: Maintaining Sessions
Date Wed, 02 Jun 2004 23:22:01 GMT
That makes sense.  I did some reading since you
replied and I realize now that I can have more than
one connector per engine containing multiple hosts. 
That also explians the mysterious redirect port
parameter that I couln't make heads nor tails of till
now.

But a few web.xml questions.

There is a web.xml file in my catalinahome/conf
directory.  I have read that according to some
specifications somewhere, I should also have a web.xml
in every WEB-INF directory for each application.  Does
the main web.xml file apply to all applications, and
the WEB-INF web.xml just add settings to the specific
applications, or does it OVERRIDE the main web.xml (so
I would need to include ALL the entries found in the
main file in ALL of the application level web.xml
files)?

And what would an entry look like to force one
specific file to re-direct to the secure port?  I can
only find very vague examples that secure entire
applications.

Thanks for the help thus far,

Justin Jaynes

--- Justin Ruthenbeck <justinr@nextengine.com> wrote:
> 
> Hi,
> 
> Square peg, round hole.
> 
> It seems like the only reason you've split these
> into multiple hosts is 
> to differentiate between secure and non-secure
> communication -- that's a 
> bad idea.  From what you've said, the best approach
> is to put all of the 
> JSPs for (A) and (C) in the same webapp, but set
> <security-constraint>s 
> for those resources (C) that require https.
> 
> See:
>
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
> 
> What you're describing here is a deployment-time
> problem -- it shouldn't 
> impact your code in a major way like distributed
> sessions would cause.
> 
> justin
> 
> 
> At 02:56 PM 6/2/2004, you wrote:
> >Hello,
> >
> >I am running Tomcat 5.0.25 on SuSE Linux 9.1.  I am
> >running ONE Tomcat server with two services:
> >
> >1.  Standalone on port 80, with two hosts:
> >     A.  A basic shopping site with a CartBean.java
> >         that I set scope=session when I call it
> from
> >         JSP's.
> >     B.  Another not related host.
> >
> >2.  Standalone SECURE on port 443, with two hosts:
> >     C.  The secure checkout site for host A
> (above)
> >     B.  Another secure, but not related, host.
> >
> >My cart.jsp on host A uses checkout.jsp on host C
> to
> >process the request.  However, the session with
> >CartBean objects does not carry over.  How do I
> keep
> >my session alive from host to host on the same
> server?
> >  And what if I decide to move the host C to
> another
> >server on another machine?  Then what?
> >
> >Or is this the wrong approach?  Is there a way to
> have
> >SOME secure jsp's on the same host as some
> non-secure
> >jsp's?
> >
> >And do I HAVE to have a WEB-INF directory for both
> >hosts, or could they somehow share a WEB-INF
> directory
> >so I only have to maintain ONE set of classes?  I
> >tried using symbolic-link WEB-INF's to one big
> WEB-INF
> >directory, but it did NOT work.
> >
> >Justin Jaynes
> >
> >
> >
> >
> >__________________________________
> >Do you Yahoo!?
> >Friends.  Fun.  Try the all-new Yahoo! Messenger.
> >http://messenger.yahoo.com/
> >
>
>---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> 
> 
> ______________________________________________
> Justin Ruthenbeck
> Software Engineer, NextEngine Inc.
> justinr - AT - nextengine DOT com
> Confidential. See:
> http://www.nextengine.com/confidentiality.php
> ______________________________________________
> 
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
> 



	
		
__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/ 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message