-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck,
Caldarale, Charles R wrote: > I don't believe there's any configuration mechanism for this > capability. You can implement an HttpSessionListener in conjunction > with a fairly simple filter or valve for the webapps of interest to > limit the number of sessions per webapp. See section 10 of the > Servlet spec for details about event listeners: > http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html > > The listener cannot stop a session from being created; it would > simply maintain a count of active sessions for the webapp. The > filter or valve should be the first item in the request processing > chain, and it would have the responsibility of checking the count > maintained by the listener and deciding whether to proceed with the > request or forward/redirect to an error page. If you coupled an HttpSessionListener with a wrapper around the HttpServletRequest that checks with the session listener, you could veto the creation of sessions (which might actually be "safer" in this case, since you avoid creating lots of sessions that are never used because you forward the user to an error page). It would work something like this: HttpSessionListener - - Keeps an accurate count of active sessions HttpServletRequestWrapper - - Overrides getSession and getSession(boolean) to consult the HttpSessionListener's active session count; throws an exception if the count exceeds some configurable limit Communication between these two object is left as an exercise for the reader ;) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkltBz4ACgkQ9CaO5/Lv0PBwwQCffsAB9BLghx+HG1+oJmwktjQI UmIAoLyfA7B6vVCjdURhfOysv3yJFJMO =Yy/w -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
