-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom,
Tom van Wietmarschen wrote: | I've been looking at a way to do this but I can't find a solution, | filters seem to be too late in the chain: a request object is already | created and there is no way to even instantiate a session object from a | self-supplied session-id let alone replace the current session object in | the HttpRequest. Actually, you /can/ use a filter of your own design if you'd like. WHen you do that, though, you have to give up the container's session management, which makes it /your/ problem to do everything including distributing sessions around a cluster, etc. Although I'd recommend against it, here's what you do: Write a filter that takes the request and looks for the X-whatever header you were talking about. If the header is present, you take the session id and look up the session in your (own) session storage area (probably a Map of some kind... you might want to check out commons-collections for some nicer maps than the basic Java API). Once you have the session, create a wrapper for your HttpServletRequest (that you write yourself) that ties the as-yet-unrelated session to the original request (through the request wrapper). Once again, you will have to do everything for the sessions, etc. Don't forget that in order to be spec-compliant, you'll need to send session event messages, etc., expire the sessions as appropriate, etc., etc., etc. | Does anyone known if there is a way to write my own handlers for | retrieving and setting the current sessionid and have tomcat use that | instead of looking at the requesturl or cookies ? Looks like org.apache.catalina.connector.CoyoteAdapter is responsible for determining the requested session id. If you were to override the parseSessionId method, you could probably get the id from the request fairly easily, although parseSessionCookiesId also gets called. You might even want to add your own method as another option, say, after the other two. See the postParseRequest method in that class. I can't seem to find the place where Tomcat sets the JSESSIONID cookie on the way out, so you'll either have to find that yourself or write a filter to add it at some point. Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfNZDUACgkQ9CaO5/Lv0PBDogCeOloU9p0jMtSZ2YAyCyf8hfDX Df0AnAvm41pSR8ZORJoc41HpurRqWLn7 =7QkG -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
