You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Mon Cab <fu...@yahoo.com> on 2007/02/10 05:57:06 UTC
getting Session from SessionId
I am trying to integrate a web application to an external service, and
need to be able to take an incoming sessionId from the external
service server, and to return details from the session to which that
sessionId applies.
I understand that there was a getSession(String sessionid) method, in
HttpSessionContext which has since been deprecated.
Does anyone know how I would do this, with the Servlet 2.3 APIs?
____________________________________________________________________________________
The fish are biting.
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: getting Session from SessionId
Posted by Leon Rosenberg <ro...@googlemail.com>.
On 2/10/07, Mon Cab <fu...@yahoo.com> wrote:
>
> I think its going to have to be solution 1. All Im really interested
> in is user data associated with a session, so I'll probably map userId
> to sessionID in the DB and then pull user info when the service sends
> me a session id.
>
> I like the idea of the session map though. Maybe use a singleton to
> store the map and then access the sessions from there. Why do you say
> this might not be a good idea?
We did exactly that for a similar reason and it worked out perfectly.
We even went further and replaced web-containers session by an own
session implementation with useful enhancements (auto-expiring
attributes, auto-distributed attributes and so on) and an own session
management and there were absolutely no drawbacks. We also associated
current session with the http-worker-thread giving us the ability to
access the session from anywhere inside the container without
explicitly passing it as parameters through dozen layers of code.
All in one having a central point where all sessions are stored is
definitely the way to go, and having access to the session outside of
the request scope gives you a lot of possibilities which you don't
have in standard environment. I think that its a serious flaw in the
spec, that you aren't able to access the session when you need it.
regards
Leon
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: getting Session from SessionId
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mon,
Mon Cab wrote:
> I think its going to have to be solution 1. All Im really interested
> in is user data associated with a session, so I'll probably map userId
> to sessionID in the DB and then pull user info when the service sends
> me a session id.
Here another solution:
1. Create an action that accepts a session id as a parameter.
Then, have that action make a loopback call to the web server,
but put the session id into the URL (basically, url-encode the
session id yourself) and call the action in #2:
2. Create another action that returns the session information you
want as, say, XML.
3. Back in your first action, parse the XML and re-format it as HTML.
Better yet, throw everything into cocoon and don't write any code
yourself. ;)
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFzyZ29CaO5/Lv0PARAqiwAKCOUkKlvLj6oRowTG9NEXWqqRO7rwCgnXzB
wWThV4mGneOm8QrxbNn1gJg=
=nr6M
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: getting Session from SessionId
Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
Mon Cab wrote:
> I like the idea of the session map though. Maybe use a singleton to
> store the map and then access the sessions from there. Why do you say
> this might not be a good idea?
For the same general reason getting access to a session that isn't
associated with the request is probably a bad idea: security concerns.
Depending on what you store in session, having a cross-context ability
in essence opens up the possibility of a clever hacker somehow stealing
information they should never have had access to.
I'm also not entirely sure any app server will let you do it... I
wouldn't be surprised, especially in something like Websphere which can
get king of anal about this sort of thing, won't let you keep a
reference to session outside the context of the request. I have no
evidence of this, it's just a hunch.
In the end though, like you said yourself, if it's only the data in
session your really interested in, there are ways to do that. One could
argue the same security concerns would be present there, but at some
point it has to enter the realm of a design decision... you know what
the consequences might be, and decide to accept them. Heck, maybe I'm
seeing creatures in the shadows that aren't really there anyway! (i.e.,
maybe there's not really any security issues). I've dealt with security
enough though to know that the first time you assume there's no concern,
you get burnt :)
Frank
>
>
> --- "Frank W. Zammetti" <fz...@omnytex.com> wrote:
>
>> Mon Cab wrote:
>>> Im guessing that this might require my storing the sessionId's in
>> the
>>> db when the users log on. Such a shame.
>> I think even doing that it wouldn't be possible to get the session
>> object itself... I seem to recall there being some security
>> restrictions
>> around that (which makes sense if you think about it)... IIRC, that's
>>
>> also the reason that getSession() method was removed in the first
>> place.
>>
>> If the information in session is all your actually interested in
>> though,
>> and not the session object itself, you could certainly get away with
>> throwing a filter in front of your app that grabs session from the
>> request and pulls the pertinent info from it and shoves it in a
>> database, keyed by session ID (or whatever else makes sense).
>> Obviously
>> a performance concern, not to mention the security implications, but
>> would certainly work.
>>
>> I suppose you could try stuffing a reference to the session object
>> itself into some map, although I'm not at all sure that'd work... I'm
>>
>> more sure though that it wouldn't be spec-compliant, and probably not
>> a
>> good idea for other reasons besides :) Still, might be doable, you'd
>>
>> have to test the theory.
>>
>> Frank
>>
>>
>>> --- "Frank W. Zammetti" <fz...@omnytex.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I don't believe there is a container-neutral way to do this, I
>> think
>>>> any
>>>> solution would have to be dependent on what app server your
>> running
>>>> on
>>>> and something specific to it.
>>>>
>>>> Frank
>>>>
>>>> (P.S. - I could be wrong! LOL)
>>>>
>>>> Mon Cab wrote:
>>>>> I am trying to integrate a web application to an external
>> service,
>>>> and
>>>>> need to be able to take an incoming sessionId from the external
>>>>> service server, and to return details from the session to which
>>>> that
>>>>> sessionId applies.
>>>>>
>>>>> I understand that there was a getSession(String sessionid)
>> method,
>>>> in
>>>>> HttpSessionContext which has since been deprecated.
>>>>>
>>>>> Does anyone know how I would do this, with the Servlet 2.3 APIs?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
> ____________________________________________________________________________________
>>>>> The fish are biting.
>>>>> Get more visitors on your site using Yahoo! Search Marketing.
>>>>> http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
>>>>>
>>>>>
>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>>>> For additional commands, e-mail: user-help@struts.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>> --
>>>> Frank W. Zammetti
>>>> Founder and Chief Software Architect
>>>> Omnytex Technologies
>>>> http://www.omnytex.com
>>>> AIM/Yahoo: fzammetti
>>>> MSN: fzammetti@hotmail.com
>>>> Author of "Practical Ajax Projects With Java Technology"
>>>> (2006, Apress, ISBN 1-59059-695-1)
>>>> Java Web Parts - http://javawebparts.sourceforge.net
>>>> Supplying the wheel, so you don't have to reinvent it!
>>>>
>>>>
>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>>> For additional commands, e-mail: user-help@struts.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>>
> ____________________________________________________________________________________
>>> Looking for earth-friendly autos?
>>> Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
>>> http://autos.yahoo.com/green_center/
>>>
>>>
>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: user-help@struts.apache.org
>>>
>>>
>>>
>>>
>> --
>> Frank W. Zammetti
>> Founder and Chief Software Architect
>> Omnytex Technologies
>> http://www.omnytex.com
>> AIM/Yahoo: fzammetti
>> MSN: fzammetti@hotmail.com
>> Author of "Practical Ajax Projects With Java Technology"
>> (2006, Apress, ISBN 1-59059-695-1)
>> Java Web Parts - http://javawebparts.sourceforge.net
>> Supplying the wheel, so you don't have to reinvent it!
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>
>
>
>
> ____________________________________________________________________________________
> Do you Yahoo!?
> Everyone is raving about the all-new Yahoo! Mail beta.
> http://new.mail.yahoo.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
>
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: fzammetti@hotmail.com
Author of "Practical Ajax Projects With Java Technology"
(2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: getting Session from SessionId
Posted by Mon Cab <fu...@yahoo.com>.
I think its going to have to be solution 1. All Im really interested
in is user data associated with a session, so I'll probably map userId
to sessionID in the DB and then pull user info when the service sends
me a session id.
I like the idea of the session map though. Maybe use a singleton to
store the map and then access the sessions from there. Why do you say
this might not be a good idea?
--- "Frank W. Zammetti" <fz...@omnytex.com> wrote:
> Mon Cab wrote:
> > Im guessing that this might require my storing the sessionId's in
> the
> > db when the users log on. Such a shame.
>
> I think even doing that it wouldn't be possible to get the session
> object itself... I seem to recall there being some security
> restrictions
> around that (which makes sense if you think about it)... IIRC, that's
>
> also the reason that getSession() method was removed in the first
> place.
>
> If the information in session is all your actually interested in
> though,
> and not the session object itself, you could certainly get away with
> throwing a filter in front of your app that grabs session from the
> request and pulls the pertinent info from it and shoves it in a
> database, keyed by session ID (or whatever else makes sense).
> Obviously
> a performance concern, not to mention the security implications, but
> would certainly work.
>
> I suppose you could try stuffing a reference to the session object
> itself into some map, although I'm not at all sure that'd work... I'm
>
> more sure though that it wouldn't be spec-compliant, and probably not
> a
> good idea for other reasons besides :) Still, might be doable, you'd
>
> have to test the theory.
>
> Frank
>
>
> >
> > --- "Frank W. Zammetti" <fz...@omnytex.com> wrote:
> >
> >> Hi,
> >>
> >> I don't believe there is a container-neutral way to do this, I
> think
> >> any
> >> solution would have to be dependent on what app server your
> running
> >> on
> >> and something specific to it.
> >>
> >> Frank
> >>
> >> (P.S. - I could be wrong! LOL)
> >>
> >> Mon Cab wrote:
> >>> I am trying to integrate a web application to an external
> service,
> >> and
> >>> need to be able to take an incoming sessionId from the external
> >>> service server, and to return details from the session to which
> >> that
> >>> sessionId applies.
> >>>
> >>> I understand that there was a getSession(String sessionid)
> method,
> >> in
> >>> HttpSessionContext which has since been deprecated.
> >>>
> >>> Does anyone know how I would do this, with the Servlet 2.3 APIs?
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >
>
____________________________________________________________________________________
> >>> The fish are biting.
> >>> Get more visitors on your site using Yahoo! Search Marketing.
> >>> http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
> >>>
> >>>
> >>
> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> >>> For additional commands, e-mail: user-help@struts.apache.org
> >>>
> >>>
> >>>
> >>>
> >> --
> >> Frank W. Zammetti
> >> Founder and Chief Software Architect
> >> Omnytex Technologies
> >> http://www.omnytex.com
> >> AIM/Yahoo: fzammetti
> >> MSN: fzammetti@hotmail.com
> >> Author of "Practical Ajax Projects With Java Technology"
> >> (2006, Apress, ISBN 1-59059-695-1)
> >> Java Web Parts - http://javawebparts.sourceforge.net
> >> Supplying the wheel, so you don't have to reinvent it!
> >>
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> >> For additional commands, e-mail: user-help@struts.apache.org
> >>
> >>
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > Looking for earth-friendly autos?
> > Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
> > http://autos.yahoo.com/green_center/
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> >
> >
>
> --
> Frank W. Zammetti
> Founder and Chief Software Architect
> Omnytex Technologies
> http://www.omnytex.com
> AIM/Yahoo: fzammetti
> MSN: fzammetti@hotmail.com
> Author of "Practical Ajax Projects With Java Technology"
> (2006, Apress, ISBN 1-59059-695-1)
> Java Web Parts - http://javawebparts.sourceforge.net
> Supplying the wheel, so you don't have to reinvent it!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: getting Session from SessionId
Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
Mon Cab wrote:
> Im guessing that this might require my storing the sessionId's in the
> db when the users log on. Such a shame.
I think even doing that it wouldn't be possible to get the session
object itself... I seem to recall there being some security restrictions
around that (which makes sense if you think about it)... IIRC, that's
also the reason that getSession() method was removed in the first place.
If the information in session is all your actually interested in though,
and not the session object itself, you could certainly get away with
throwing a filter in front of your app that grabs session from the
request and pulls the pertinent info from it and shoves it in a
database, keyed by session ID (or whatever else makes sense). Obviously
a performance concern, not to mention the security implications, but
would certainly work.
I suppose you could try stuffing a reference to the session object
itself into some map, although I'm not at all sure that'd work... I'm
more sure though that it wouldn't be spec-compliant, and probably not a
good idea for other reasons besides :) Still, might be doable, you'd
have to test the theory.
Frank
>
> --- "Frank W. Zammetti" <fz...@omnytex.com> wrote:
>
>> Hi,
>>
>> I don't believe there is a container-neutral way to do this, I think
>> any
>> solution would have to be dependent on what app server your running
>> on
>> and something specific to it.
>>
>> Frank
>>
>> (P.S. - I could be wrong! LOL)
>>
>> Mon Cab wrote:
>>> I am trying to integrate a web application to an external service,
>> and
>>> need to be able to take an incoming sessionId from the external
>>> service server, and to return details from the session to which
>> that
>>> sessionId applies.
>>>
>>> I understand that there was a getSession(String sessionid) method,
>> in
>>> HttpSessionContext which has since been deprecated.
>>>
>>> Does anyone know how I would do this, with the Servlet 2.3 APIs?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
> ____________________________________________________________________________________
>>> The fish are biting.
>>> Get more visitors on your site using Yahoo! Search Marketing.
>>> http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
>>>
>>>
>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: user-help@struts.apache.org
>>>
>>>
>>>
>>>
>> --
>> Frank W. Zammetti
>> Founder and Chief Software Architect
>> Omnytex Technologies
>> http://www.omnytex.com
>> AIM/Yahoo: fzammetti
>> MSN: fzammetti@hotmail.com
>> Author of "Practical Ajax Projects With Java Technology"
>> (2006, Apress, ISBN 1-59059-695-1)
>> Java Web Parts - http://javawebparts.sourceforge.net
>> Supplying the wheel, so you don't have to reinvent it!
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>
>
>
>
> ____________________________________________________________________________________
> Looking for earth-friendly autos?
> Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
> http://autos.yahoo.com/green_center/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
>
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: fzammetti@hotmail.com
Author of "Practical Ajax Projects With Java Technology"
(2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: getting Session from SessionId
Posted by Mon Cab <fu...@yahoo.com>.
Im guessing that this might require my storing the sessionId's in the
db when the users log on. Such a shame.
--- "Frank W. Zammetti" <fz...@omnytex.com> wrote:
> Hi,
>
> I don't believe there is a container-neutral way to do this, I think
> any
> solution would have to be dependent on what app server your running
> on
> and something specific to it.
>
> Frank
>
> (P.S. - I could be wrong! LOL)
>
> Mon Cab wrote:
> > I am trying to integrate a web application to an external service,
> and
> > need to be able to take an incoming sessionId from the external
> > service server, and to return details from the session to which
> that
> > sessionId applies.
> >
> > I understand that there was a getSession(String sessionid) method,
> in
> > HttpSessionContext which has since been deprecated.
> >
> > Does anyone know how I would do this, with the Servlet 2.3 APIs?
> >
> >
> >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > The fish are biting.
> > Get more visitors on your site using Yahoo! Search Marketing.
> > http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> >
> >
>
> --
> Frank W. Zammetti
> Founder and Chief Software Architect
> Omnytex Technologies
> http://www.omnytex.com
> AIM/Yahoo: fzammetti
> MSN: fzammetti@hotmail.com
> Author of "Practical Ajax Projects With Java Technology"
> (2006, Apress, ISBN 1-59059-695-1)
> Java Web Parts - http://javawebparts.sourceforge.net
> Supplying the wheel, so you don't have to reinvent it!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
____________________________________________________________________________________
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: getting Session from SessionId
Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
Hi,
I don't believe there is a container-neutral way to do this, I think any
solution would have to be dependent on what app server your running on
and something specific to it.
Frank
(P.S. - I could be wrong! LOL)
Mon Cab wrote:
> I am trying to integrate a web application to an external service, and
> need to be able to take an incoming sessionId from the external
> service server, and to return details from the session to which that
> sessionId applies.
>
> I understand that there was a getSession(String sessionid) method, in
> HttpSessionContext which has since been deprecated.
>
> Does anyone know how I would do this, with the Servlet 2.3 APIs?
>
>
>
>
>
>
> ____________________________________________________________________________________
> The fish are biting.
> Get more visitors on your site using Yahoo! Search Marketing.
> http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
>
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: fzammetti@hotmail.com
Author of "Practical Ajax Projects With Java Technology"
(2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org