tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Cross Context Session Creation-
Date Fri, 08 Jan 2010 22:05:48 GMT
Hash: SHA1


On 1/8/2010 5:34 AM, Arnab Ghosh wrote:
> Can I disable the session creation in context A and C?

Sure: make sure all your JSPs have session="false" in their headers, and
make sure that you call request.getSession(false) and check for NULL
every time.

If you want to enforce a no-session policy, you could write a
filter/valve that wraps the request and throws an exception instead of
creating a session (i.e. when request.getSession(true) is called, or if
getSession() is called and no session already exists).

> Because in context B
> , a request forwarded from context A should not share with a session with a
> request forwarded from context C in any condition. This is my requirement.
> How can I achieve that??

So, you forward like this:

A -> B, session id from A can be used to create a session in B
C -> B, session id from C cannot be used to create a session in B

If that's the case, and B needs a session, then what?

> Or I can have a unique session Id generator. Id will be unique in all
> context. Is it possible?

If the sessions are not being shared, who cares if they have the same id?

Are you overlapping URI spaces? Don't do that.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message