Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Maciej,
Bajolek, Maciej wrote:
Basically the problem is: how can webAppA share the session object with
webAppB. Both apps are deployed within the same instance of Tomact.
The servlet specification (section 7.3) specifies that session scope is
limited to a single web application, and specifically says that session
objects (or their contents) must never be shared between applications.
Given this, I don't think Tomcat itself is going to help you out, here.
A simple example of how I want it to work is:
http://localhost/webappa/setSessionAttr.jsp -> sets session "attr" to
"value"
http://localhost/webappa/getSessionAttr.jsp -> gets session "attr" ...
and the attribute is set to "value"
This ought to work without any problems. It's when you want:
http://localhost/webappb/getSessionAttr.jsp
... to read the stuff set in webappa/setSessionAttr.jsp that it won't work.
The only solutions I can think of are:
1. Implement custom SessionManager that stores/reads session
objects in some common repository e.g.: shared library (common
classloader)
This would work, but is fraught with difficulty because you have to
worry about releasing memory when you are finished with it.
2. implement some listeners for all applications that will notify
each other when session is created/destroyed or attrs set/unset
This is similar to #2 because you still need to store everything somewhere.
This certainly is a tough problem. :(
My grain of (Tomcat- and Java-level incompetent) salt :
Maybe you need to "step back" a bit from the idea of sharing session
data directly at the Tomcat session level. What is it really that you
need to share in these two applications ? is it simply a user login, and
maybe some linked user login level data ? If yes, then maybe you could
solve this at the application level by setting a cookie, with either the
common data just stored in it or a key to some back-end store containing
the data common to the two webapps. Each application would then have to
check for the (common) cookie, and if found retrieve the common data
first of all; if not re-direct the call to a login page. As long as
both applications run on hosts within the same domain, that should not
be a problem.
What I mean is that Tomcat has an embedded session mechanism which is
nice and handy when you can use it, but in your case you cannot. So
maybe you have to think about how you would resolve this issue if this
was not running under Tomcat in the first place.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
