tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Cross Context Session Creation-
Date Fri, 08 Jan 2010 22:05:48 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arnab,

On 1/8/2010 5:34 AM, Arnab Ghosh wrote:
> Can I disable the session creation in context A and C?

Sure: make sure all your JSPs have session="false" in their headers, and
make sure that you call request.getSession(false) and check for NULL
every time.

If you want to enforce a no-session policy, you could write a
filter/valve that wraps the request and throws an exception instead of
creating a session (i.e. when request.getSession(true) is called, or if
getSession() is called and no session already exists).

> Because in context B
> , a request forwarded from context A should not share with a session with a
> request forwarded from context C in any condition. This is my requirement.
> How can I achieve that??

So, you forward like this:

A -> B, session id from A can be used to create a session in B
C -> B, session id from C cannot be used to create a session in B

If that's the case, and B needs a session, then what?

> Or I can have a unique session Id generator. Id will be unique in all
> context. Is it possible?

If the sessions are not being shared, who cares if they have the same id?

Are you overlapping URI spaces? Don't do that.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktHrDwACgkQ9CaO5/Lv0PD6mgCdHprBh+dhH/3jSRmd84BzGeBc
hRIAmwZ77zharfv2+VySOc/g166Bfnmo
=7sLr
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message