tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Cross Context Session in Tomact
Date Tue, 07 Oct 2008 07:11:01 GMT
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Maciej,
> 
> Bajolek, Maciej wrote:
>> Basically the problem is: how can webAppA share the session object with
>> webAppB. Both apps are deployed within the same instance of Tomact.
> 
> The servlet specification (section 7.3) specifies that session scope is
> limited to a single web application, and specifically says that session
> objects (or their contents) must never be shared between applications.
> 
> Given this, I don't think Tomcat itself is going to help you out, here.
> 
>> A simple example of how I want it to work is:
>>
>> http://localhost/webappa/setSessionAttr.jsp   -> sets session "attr" to
>> "value"
>>
>> http://localhost/webappa/getSessionAttr.jsp   -> gets session "attr" ...
>> and the attribute is set to "value"
> 
> This ought to work without any problems. It's when you want:
> 
> http://localhost/webappb/getSessionAttr.jsp
> 
> ... to read the stuff set in webappa/setSessionAttr.jsp that it won't work.
> 
>> The only solutions I can think of are:
>>
>> 1.	Implement custom SessionManager that stores/reads session
>> objects in some common repository e.g.: shared library (common
>> classloader)
> 
> This would work, but is fraught with difficulty because you have to
> worry about releasing memory when you are finished with it.
> 
>> 2.	implement some listeners for all applications that will notify
>> each other when session is created/destroyed or attrs set/unset
> 
> This is similar to #2 because you still need to store everything somewhere.
> 
> This certainly is a tough problem. :(
> 
My grain of (Tomcat- and Java-level incompetent) salt :
Maybe you need to "step back" a bit from the idea of sharing session 
data directly at the Tomcat session level.  What is it really that you 
need to share in these two applications ? is it simply a user login, and 
maybe some linked user login level data ?  If yes, then maybe you could 
solve this at the application level by setting a cookie, with either the 
common data just stored in it or a key to some back-end store containing 
the data common to the two webapps.  Each application would then have to 
check for the (common) cookie, and if found retrieve the common data 
first of all; if not re-direct the call to a login page.  As long as 
both applications run on hosts within the same domain, that should not 
be a problem.
What I mean is that Tomcat has an embedded session mechanism which is 
nice and handy when you can use it, but in your case you cannot.  So 
maybe you have to think about how you would resolve this issue if this 
was not running under Tomcat in the first place.



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message