
how to maintain session for two different contexts in tomcat

 
kesava chaitanya
Ranch Hand
Posts: 140
Hi,

In our application we are using two contexts in our product, tomcat/webapps/csc and tomcat/webapps/tcm. The csc and tcm applications use two different login pages. If I log in to the csc application, I have one hyperlink, tcm; if I click tcm, it redirects to the login page. I don't want that; whatever session is maintained in csc I want to maintain in tcm also. I think it is not maintaining sessions for different contexts.
My main question is: how do I maintain a session across different contexts?
Don't tell me to use <java:useBean scope="application"/>; we are not writing any beans.
How do I set scope as application in my JSP?
 
David O'Meara
Rancher
Posts: 13459
What you are seeing is the correct behaviour for web applications. Application servers are meant to be able to run several applications at once while separating them so they don't interfere with each other or pose security risks (i.e. an untrusted app reads secure info from another app). Therefore standard behaviour is to require people to log into each application separately and for the app server to keep these logins separate.
The other side of this is 'Single sign on', which is supported in several application servers, but must be enabled explicitly (otherwise there would be gaping security holes).
I'm not sure about Tomcat's support for SSO, I'm not sure it has any. A work-around that I'm hesitant to suggest is that from memory Tomcat will provide a single session ID for both sessions, but will keep the actual session data on the client separate on the server. If you can verify this, you may be able to use the feature to move session data back to a common point (i.e. removing the context part of the session information) and pretending that the session data is common to both contexts.
The two biggest dangers that I see are that this session behaviour may change in a future release of Tomcat without warning, and you may have to replicate some session management functionality to pull it off.
The simplest (but I don't believe the best) would be to provide a wrapper on the session in both apps, use the session listeners to plug into some provided functionality, then store the session data in the database common to both apps.
Or there might be a simpler solution that I haven't thought of, but I hope this helps,
Dave
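
The session-listener-plus-shared-database approach described in the reply above, as an added example that is not code from any poster or from Tomcat. The table `shared_login(token, username)`, the JNDI resource `jdbc/SharedLogin`, the cookie name `SHARED_LOGIN` and the attribute name are all assumptions; the class would be deployed in both csc and tcm and registered as a `<listener>` in each `web.xml`.

```java
// Added example; table, JNDI, cookie and attribute names are assumed, not from the thread.
import java.security.SecureRandom;
import java.sql.*;
import java.util.Base64;
import javax.naming.InitialContext;
import javax.servlet.http.*;
import javax.sql.DataSource;
public class SharedLoginListener implements HttpSessionListener {
    static final String TOKEN_ATTR = "sharedLoginToken";
    static Connection open() throws Exception {
        return ((DataSource) new InitialContext().lookup("java:comp/env/jdbc/SharedLogin")).getConnection();
    }
    // Call after a successful login: stores an unguessable token in the shared table.
    public static Cookie recordLogin(HttpSession session, String username) throws Exception {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        try (Connection c = open(); PreparedStatement ps =
                 c.prepareStatement("INSERT INTO shared_login(token, username) VALUES (?, ?)")) {
            ps.setString(1, token); ps.setString(2, username); ps.executeUpdate();
        }
        session.setAttribute(TOKEN_ATTR, token);
        Cookie cookie = new Cookie("SHARED_LOGIN", token);
        cookie.setPath("/");        // sent to both /csc and /tcm
        cookie.setHttpOnly(true); cookie.setSecure(true); // no script access, HTTPS only
        return cookie;
    }

    // Called by the other app when it sees the cookie; null means "show the login page".
    public static String lookupUser(String token) throws Exception {
        try (Connection c = open(); PreparedStatement ps =
                 c.prepareStatement("SELECT username FROM shared_login WHERE token = ?")) {
            ps.setString(1, token);
            try (ResultSet rs = ps.executeQuery()) { return rs.next() ? rs.getString(1) : null; }
        }
    }
    @Override public void sessionCreated(HttpSessionEvent se) { }
    // Logout or timeout in either app removes the shared record.
    @Override public void sessionDestroyed(HttpSessionEvent se) {
        Object token = se.getSession().getAttribute(TOKEN_ATTR);
        if (token == null) return;
        try (Connection c = open(); PreparedStatement ps =
                 c.prepareStatement("DELETE FROM shared_login WHERE token = ?")) {
            ps.setString(1, (String) token); ps.executeUpdate();
        } catch (Exception e) {
            se.getSession().getServletContext().log("shared login cleanup failed", e);
        }
    }
}
```

The app that accepts the cookie should store the same token under `TOKEN_ATTR` in its own session, so that its logout also deletes the row, and should re-check `lookupUser` on each request so that a logout in the other app takes effect.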
 
kesava chaitanya
Ranch Hand
Posts: 140
Actually we are using JBoss. How can you do single sign-on in JBoss? What are session listeners? Can you explain?
 