tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Ruthenbeck <just...@nextengine.com>
Subject Re: Maintaining Sessions
Date Wed, 02 Jun 2004 22:24:23 GMT

Hi,

Square peg, round hole.

It seems like the only reason you've split these into multiple hosts is 
to differentiate between secure and non-secure communication -- that's a 
bad idea.  From what you've said, the best approach is to put all of the 
JSPs for (A) and (C) in the same webapp, but set <security-constraint>s 
for those resources (C) that require https.

See: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html

What you're describing here is a deployment-time problem -- it shouldn't 
impact your code in a major way like distributed sessions would cause.

justin


At 02:56 PM 6/2/2004, you wrote:
>Hello,
>
>I am running Tomcat 5.0.25 on SuSE Linux 9.1.  I am
>running ONE Tomcat server with two services:
>
>1.  Standalone on port 80, with two hosts:
>     A.  A basic shopping site with a CartBean.java
>         that I set scope=session when I call it from
>         JSP's.
>     B.  Another not related host.
>
>2.  Standalone SECURE on port 443, with two hosts:
>     C.  The secure checkout site for host A (above)
>     B.  Another secure, but not related, host.
>
>My cart.jsp on host A uses checkout.jsp on host C to
>process the request.  However, the session with
>CartBean objects does not carry over.  How do I keep
>my session alive from host to host on the same server?
>  And what if I decide to move the host C to another
>server on another machine?  Then what?
>
>Or is this the wrong approach?  Is there a way to have
>SOME secure jsp's on the same host as some non-secure
>jsp's?
>
>And do I HAVE to have a WEB-INF directory for both
>hosts, or could they somehow share a WEB-INF directory
>so I only have to maintain ONE set of classes?  I
>tried using symbolic-link WEB-INF's to one big WEB-INF
>directory, but it did NOT work.
>
>Justin Jaynes
>
>
>
>
>__________________________________
>Do you Yahoo!?
>Friends.  Fun.  Try the all-new Yahoo! Messenger.
>http://messenger.yahoo.com/
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


______________________________________________
Justin Ruthenbeck
Software Engineer, NextEngine Inc.
justinr - AT - nextengine DOT com
Confidential. See:
http://www.nextengine.com/confidentiality.php
______________________________________________


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message