tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Ruthenbeck <>
Subject Re: Maintaining Sessions
Date Wed, 02 Jun 2004 22:24:23 GMT


Square peg, round hole.

It seems like the only reason you've split these into multiple hosts is 
to differentiate between secure and non-secure communication -- that's a 
bad idea.  From what you've said, the best approach is to put all of the 
JSPs for (A) and (C) in the same webapp, but set <security-constraint>s 
for those resources (C) that require https.


What you're describing here is a deployment-time problem -- it shouldn't 
impact your code in a major way like distributed sessions would cause.


At 02:56 PM 6/2/2004, you wrote:
>I am running Tomcat 5.0.25 on SuSE Linux 9.1.  I am
>running ONE Tomcat server with two services:
>1.  Standalone on port 80, with two hosts:
>     A.  A basic shopping site with a
>         that I set scope=session when I call it from
>         JSP's.
>     B.  Another not related host.
>2.  Standalone SECURE on port 443, with two hosts:
>     C.  The secure checkout site for host A (above)
>     B.  Another secure, but not related, host.
>My cart.jsp on host A uses checkout.jsp on host C to
>process the request.  However, the session with
>CartBean objects does not carry over.  How do I keep
>my session alive from host to host on the same server?
>  And what if I decide to move the host C to another
>server on another machine?  Then what?
>Or is this the wrong approach?  Is there a way to have
>SOME secure jsp's on the same host as some non-secure
>And do I HAVE to have a WEB-INF directory for both
>hosts, or could they somehow share a WEB-INF directory
>so I only have to maintain ONE set of classes?  I
>tried using symbolic-link WEB-INF's to one big WEB-INF
>directory, but it did NOT work.
>Justin Jaynes
>Do you Yahoo!?
>Friends.  Fun.  Try the all-new Yahoo! Messenger.
>To unsubscribe, e-mail:
>For additional commands, e-mail:

Justin Ruthenbeck
Software Engineer, NextEngine Inc.
justinr - AT - nextengine DOT com
Confidential. See:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message