tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arnab Ghosh <gh...@glenwoodsystems.com>
Subject Re: Cross Context Session Creation-
Date Fri, 08 Jan 2010 07:18:52 GMT
Dear Friends,

*>>>To quote from 7.3 of the servlet spec (which you should read):

"HttpSession objects must be scoped at the application (or servlet context)
level.  The underlying mechanism, such as the cookie used to establish the
session, can be the same for different contexts, but the object referenced,
including the attributes in that object, must never be shared between
contexts by the container.

"To illustrate this requirement with an example: if a servlet uses the
RequestDispatcher to call a servlet in another Web application, any sessions
created for and visible to the servlet being called must be different from
those visible to the calling servlet."
*
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Actually I have an doubt . I ran a test cycle. I cleared all cookies and
then I sent a request to context A then from there it will forward to
context B. I have added session listener in both context. See the below
result -

I am in a servlet of *context A*
Calling *request.getSession(true);*
Session Created in A ------------>*D52869941C38BC234CD9A940429C403A*  (
session listener in context A)
Session ID--------------------------------*D52869941C38BC234CD9A940429C403A*

Forwarding to another servlet *of context B*
session Created in B----->*D52869941C38BC234CD9A940429C403A*  ( session
listener in context B)
Request Forwarded

I found that session created in A and B are different and invisible to each
other. But the session ID is same. I want to know is there any chance of
overriding existing session in context B?? Is it a mere coincidence or is
there any logic behind this same session Id scenario??

Thanks,
Ghosh

On Thu, Jan 7, 2010 at 11:50 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:

> > From: Arnab Ghosh [mailto:ghosh@glenwoodsystems.com]
> > Subject: Cross Context Session Creation-
> >
> > Now I want to know while forwarding a request from A to D ,
> > whether session will go from A to D or a new session will
> > be created under D.
>
> To quote from 7.3 of the servlet spec (which you should read):
>
> "HttpSession objects must be scoped at the application (or servlet context)
> level.  The underlying mechanism, such as the cookie used to establish the
> session, can be the same for different contexts, but the object referenced,
> including the attributes in that object, must never be shared between
> contexts by the container.
>
> "To illustrate this requirement with an example: if a servlet uses the
> RequestDispatcher to call a servlet in another Web application, any sessions
> created for and visible to the servlet being called must be different from
> those visible to the calling servlet."
>
> > Also I want to know how many active session I can create under a web
> > application/context in tomcat??
>
> Whatever your heap size allows.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message