You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by S Arvind <ar...@gmail.com> on 2009/11/02 11:06:57 UTC
Want to customise the tomcat's session logic
Hi Tomcat developers,
Bascially my requirement is ability to control the session
sharing in browser. Till now we maintained each application as differnet
context but pointing to same doc-base. So different web application will be
running on a same code to control the session sharing between different
application . But now we want to run in same context as one application but
control the session sharing. So i planned to customise session creation n
management of the tomcat to our requirements to add some value to
*path*attribute in session. Is this possible?
Is there anyother way to solve this session sharing??
Thanks in advance.
Arvind S
RE: Want to customise the tomcat's session logic
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Christopher Schultz [mailto:chris@christopherschultz.net]
> Subject: Re: Want to customise the tomcat's session logic
>
> No, you can't customize the session id
Well, you can, sort of. The StandardManager can be configured to use a specific algorithm for the message digest calculation. If you create a custom security provider, you could generate whatever digest value desired. However, it would probably be easier just to create a custom manager class, thereby allowing pretty much any session id desired.
http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Want to customise the tomcat's session logic
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
André,
On 11/9/2009 9:55 PM, André Warnier wrote:
> Christopher Schultz wrote:
>>
>> I wish you'd tell us what the heck you're trying to do because I'm
>> certain there's an easier way to do it.
>>
> Like maybe just add an attribute to the session, containing the path
> where the session was begat ?
> (if I remember the original exposé correctly)
I was thinking of something even slightly more brute-force-y like:
Write a filter (my favorite!) that you map multiple times to your
webapp, once for each URI segment that represents the old, separate webapps.
The filter wraps the request which wraps HttpSession objects handed-out
by the requests. The HttpSession wrapped is configured with the URI
segment from the old webapp and basically represents a prefix used to
prepend to all session keys. The HttpSession object you get from the
wrapper only gives you access to keys that have the proper prefix.
So, the "real" session has data like:
"/oldWebappA:foo" -> "This is a string from the old 'A'"
"/oldWebappB:foo" -> "This is a string from the old 'B'"
When the code from "oldWebappA" requests the value for the key "foo",
the wrapped HttpSession prepends "/oldWebappA:" to the beginning of the
key and returns "This is a string from the old 'A'". When the code from
"oldWebappB" does the same, it gets "This is a string from the old 'B'".
You can also go crazy and use a search order like:
a. If URI + key has a value, return that
b. else, return value for just the bare key
This would allow sessions to share /some/ data, but everything else
would be segmented.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr50owACgkQ9CaO5/Lv0PBPfgCePjtorZAbO159mYG6FR+JSoGN
/7oAnRJ1WSS6t73jk1SgcvHOK0jLj2YW
=kKky
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Want to customise the tomcat's session logic
Posted by André Warnier <aw...@ice-sa.com>.
Christopher Schultz wrote:
>
> I wish you'd tell us what the heck you're trying to do because I'm
> certain there's an easier way to do it.
>
Like maybe just add an attribute to the session, containing the path
where the session was begat ?
(if I remember the original exposé correctly)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Want to customise the tomcat's session logic
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Arvind,
On 11/7/2009 11:35 PM, S Arvind wrote:
> is it possible to provide costume sessionid while creating session.? so that
> different time when session needs to be created i can create new sessionid
> and store it in cookie.
No, you can't customize the session id, but you can register a listener
that will be notified of session creation events:
http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/http/HttpSessionListener.html
Note that there aren't any objects available during this method that
will let you set a cookie on the request. For that, you could write a
Filter that wraps the request to intercept calls to getSession() and
make sure that, if a session is created, your cookies are written as well.
I wish you'd tell us what the heck you're trying to do because I'm
certain there's an easier way to do it.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr4m2MACgkQ9CaO5/Lv0PCA+QCcCI3cfZTtJx9C4d1O/hvT+Rux
kLcAoLlTj04s7st0Sd4+B9rpx48TPVx8
=ZQDV
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Want to customise the tomcat's session logic
Posted by S Arvind <ar...@gmail.com>.
is it possible to provide costume sessionid while creating session.? so that
different time when session needs to be created i can create new sessionid
and store it in cookie.
"Many of lifes failure are people who did not realize how close they were to
success when they gave up."
-Thomas Edison
On Sun, Nov 8, 2009 at 5:15 AM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:
> > From: S Arvind [mailto:arvindwill@gmail.com]
> > Subject: Re: Want to customise the tomcat's session logic
> >
> > deploy one app in tomcat by having context xml in
> > catalina>>domain>>xxx.xml . When you access this
> > app check the session u will find the path attribute
> > with xxx in it.
>
> You're confusing the session with the cookie. The session is a
> spec-defined object in the JVM heap, whereas the cookie is the standard
> means of passing an id associated with the session to the client. The path
> information in the cookie normally reflects the URI used when the cookie was
> generated by the server, but it doesn't have to.
>
> > Wat i need is two different session for same webapp
> > running under single tomcat???
>
> I don't think either the servlet spec or any browsers will support that.
> You'll need to generate your own set of cookies, separate from session
> handling.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
RE: Want to customise the tomcat's session logic
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: S Arvind [mailto:arvindwill@gmail.com]
> Subject: Re: Want to customise the tomcat's session logic
>
> deploy one app in tomcat by having context xml in
> catalina>>domain>>xxx.xml . When you access this
> app check the session u will find the path attribute
> with xxx in it.
You're confusing the session with the cookie. The session is a spec-defined object in the JVM heap, whereas the cookie is the standard means of passing an id associated with the session to the client. The path information in the cookie normally reflects the URI used when the cookie was generated by the server, but it doesn't have to.
> Wat i need is two different session for same webapp
> running under single tomcat???
I don't think either the servlet spec or any browsers will support that. You'll need to generate your own set of cookies, separate from session handling.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Want to customise the tomcat's session logic
Posted by Martin Choma <ma...@gmail.com>.
Ok, i think i see what you mean. As far as I know there is no quickwin
for that. Web application suffer with this disease - that mean sharing
session over tabs. You have got three choices to deal with that.
A) You dont mind :)
B) You will prevent to work in multitabs over one session
C) You choose the third and the hardest - to support it :)
Here are some ideas, but no of them is 100%
1) set tomcat to use URL rewriting indtead of cookies
(http://tomcat.apache.org/tomcat-6.0-doc/config/context.html)
2) produce some tab/browser identification and divide session (maybe
window.name property could be helpfull)
3) Look at JBoss Seam, it also support multitab browsing without
harming session as i know.
Good luck ;)
2009/11/7 S Arvind <ar...@gmail.com>:
> To my knowledge, there is no "path" attribute in the session. Are you
> proposing that you add one?
>>> deploy one app in tomcat by having context xml in
> catalina>>domain>>xxx.xml . When you access this app check the session u
> will find the path attribute with xxx in it.
>
>
> So... do you mean that you want to deploy one web application (into a
> single context), but you want to separate certain parts of the session
> into different "areas" of the webapp?
>>> yes
>
>
> I don't believe that deploying the same webapp multiple times into
> different contexts has any effect on session sharing: Tomcat will treat
> them as different webapps and no session sharing will occur unless you
> have taken other steps to share sessions between contexts.
>>> Session sharing will not occur for different context. But i need to have
> single context still session should not be shared. Is it possible in single
> context.??
>
> Consider i have one login app, after login i track the state by session.
> First i login that website in single tab in browser and session was created
> with details in it. And in another tab or window i need to login with
> different username without sharing the session. But if i did this first
> created session was overwrite by second session. Wat i need is two different
> session for same webapp running under single tomcat???
>
> IS it possible??
>
> Arvind S
>
>
> "Many of lifes failure are people who did not realize how close they were to
> success when they gave up."
> -Thomas Edison
>
>
> On Sat, Nov 7, 2009 at 7:14 AM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Arvind,
>>
>> On 11/2/2009 5:06 AM, S Arvind wrote:
>> > Basically my requirement is ability to control the session
>> > sharing in browser. Till now we maintained each application as different
>> > context but pointing to same doc-base. So different web application will
>> be
>> > running on a same code to control the session sharing between different
>> > application.
>>
>> I don't believe that deploying the same webapp multiple times into
>> different contexts has any effect on session sharing: Tomcat will treat
>> them as different webapps and no session sharing will occur unless you
>> have taken other steps to share sessions between contexts.
>>
>> > But now we want to run in same context as one application but
>> > control the session sharing.
>>
>> So... do you mean that you want to deploy one web application (into a
>> single context), but you want to separate certain parts of the session
>> into different "areas" of the webapp?
>>
>> > So i planned to customise session creation n
>> > management of the tomcat to our requirements to add some value to
>> > *path* attribute in session. Is this possible?
>>
>> To my knowledge, there is no "path" attribute in the session. Are you
>> proposing that you add one?
>>
>> Modifying Tomcat's session management code is probably going to lead you
>> down a path that leads to insanity: the APIs are not (officially)
>> stable, there is no standard, etc.
>>
>> I suspect there is a better way to accomplish what you want to do... I
>> just don't really understand what you want to do. Instead of speaking in
>> generalities, why not give us a use case?
>>
>> - -chris
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAkr00RcACgkQ9CaO5/Lv0PBeqwCfQK7r/8a0jn2jiHxyLkU0ypyA
>> uXUAn19ms08C6ydU6DvZTdg6Ep6za6at
>> =kDId
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Want to customise the tomcat's session logic
Posted by S Arvind <ar...@gmail.com>.
To my knowledge, there is no "path" attribute in the session. Are you
proposing that you add one?
>> deploy one app in tomcat by having context xml in
catalina>>domain>>xxx.xml . When you access this app check the session u
will find the path attribute with xxx in it.
So... do you mean that you want to deploy one web application (into a
single context), but you want to separate certain parts of the session
into different "areas" of the webapp?
>> yes
I don't believe that deploying the same webapp multiple times into
different contexts has any effect on session sharing: Tomcat will treat
them as different webapps and no session sharing will occur unless you
have taken other steps to share sessions between contexts.
>> Session sharing will not occur for different context. But i need to have
single context still session should not be shared. Is it possible in single
context.??
Consider i have one login app, after login i track the state by session.
First i login that website in single tab in browser and session was created
with details in it. And in another tab or window i need to login with
different username without sharing the session. But if i did this first
created session was overwrite by second session. Wat i need is two different
session for same webapp running under single tomcat???
IS it possible??
Arvind S
"Many of lifes failure are people who did not realize how close they were to
success when they gave up."
-Thomas Edison
On Sat, Nov 7, 2009 at 7:14 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Arvind,
>
> On 11/2/2009 5:06 AM, S Arvind wrote:
> > Basically my requirement is ability to control the session
> > sharing in browser. Till now we maintained each application as different
> > context but pointing to same doc-base. So different web application will
> be
> > running on a same code to control the session sharing between different
> > application.
>
> I don't believe that deploying the same webapp multiple times into
> different contexts has any effect on session sharing: Tomcat will treat
> them as different webapps and no session sharing will occur unless you
> have taken other steps to share sessions between contexts.
>
> > But now we want to run in same context as one application but
> > control the session sharing.
>
> So... do you mean that you want to deploy one web application (into a
> single context), but you want to separate certain parts of the session
> into different "areas" of the webapp?
>
> > So i planned to customise session creation n
> > management of the tomcat to our requirements to add some value to
> > *path* attribute in session. Is this possible?
>
> To my knowledge, there is no "path" attribute in the session. Are you
> proposing that you add one?
>
> Modifying Tomcat's session management code is probably going to lead you
> down a path that leads to insanity: the APIs are not (officially)
> stable, there is no standard, etc.
>
> I suspect there is a better way to accomplish what you want to do... I
> just don't really understand what you want to do. Instead of speaking in
> generalities, why not give us a use case?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkr00RcACgkQ9CaO5/Lv0PBeqwCfQK7r/8a0jn2jiHxyLkU0ypyA
> uXUAn19ms08C6ydU6DvZTdg6Ep6za6at
> =kDId
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Want to customise the tomcat's session logic
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Arvind,
On 11/2/2009 5:06 AM, S Arvind wrote:
> Basically my requirement is ability to control the session
> sharing in browser. Till now we maintained each application as different
> context but pointing to same doc-base. So different web application will be
> running on a same code to control the session sharing between different
> application.
I don't believe that deploying the same webapp multiple times into
different contexts has any effect on session sharing: Tomcat will treat
them as different webapps and no session sharing will occur unless you
have taken other steps to share sessions between contexts.
> But now we want to run in same context as one application but
> control the session sharing.
So... do you mean that you want to deploy one web application (into a
single context), but you want to separate certain parts of the session
into different "areas" of the webapp?
> So i planned to customise session creation n
> management of the tomcat to our requirements to add some value to
> *path* attribute in session. Is this possible?
To my knowledge, there is no "path" attribute in the session. Are you
proposing that you add one?
Modifying Tomcat's session management code is probably going to lead you
down a path that leads to insanity: the APIs are not (officially)
stable, there is no standard, etc.
I suspect there is a better way to accomplish what you want to do... I
just don't really understand what you want to do. Instead of speaking in
generalities, why not give us a use case?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkr00RcACgkQ9CaO5/Lv0PBeqwCfQK7r/8a0jn2jiHxyLkU0ypyA
uXUAn19ms08C6ydU6DvZTdg6Ep6za6at
=kDId
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Want to customise the tomcat's session logic
Posted by Sam Gendler <sg...@vid.me>.
On Mon, Nov 2, 2009 at 5:03 AM, Pid <pi...@pidster.com> wrote:
> On 02/11/2009 10:06, S Arvind wrote:
>
>> Hi Tomcat developers,
>>
>> Bascially my requirement is ability to control the session
>> sharing in browser. Till now we maintained each application as differnet
>> context but pointing to same doc-base. So different web application will
>> be
>> running on a same code to control the session sharing between different
>> application . But now we want to run in same context as one application
>> but
>> control the session sharing. So i planned to customise session creation n
>> management of the tomcat to our requirements to add some value to
>> *path*attribute in session. Is this possible?
>>
>
>
> I'm not sure your question is very clear, perhaps if you are able to make
> your question clearer someone will be able to help.
>
>
If I understand correctly, you want to combine apps under a single context,
but you still want some control over data in session, perhaps using a 'path'
within the session object to store different values for different 'apps.'
I know next to nothing about session management infrastructure in tomcat,
but I happened to notice another mail o the list that mentioned the
SessionManager which is specified in context.xml (I think). Based on that
small piece of information, I'm guessing that you could provide your own
SessionManager, which is likely responsible for creating new sessions and
managing existing sessions. If so, it seems likely that you can manage
sessions any way you'd like. For instance, whenever the session object is
accessed, you could first inject the current 'path' for the request based on
attributes in the request object, which would cause all attributes to be set
with that path prefix in the session during that request.
Documentation for the SessionManager object is here:
http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html
Re: Want to customise the tomcat's session logic
Posted by Pid <pi...@pidster.com>.
On 02/11/2009 10:06, S Arvind wrote:
> Hi Tomcat developers,
>
> Bascially my requirement is ability to control the session
> sharing in browser. Till now we maintained each application as differnet
> context but pointing to same doc-base. So different web application will be
> running on a same code to control the session sharing between different
> application . But now we want to run in same context as one application but
> control the session sharing. So i planned to customise session creation n
> management of the tomcat to our requirements to add some value to
> *path*attribute in session. Is this possible?
I'm not sure your question is very clear, perhaps if you are able to
make your question clearer someone will be able to help.
p
> Is there anyother way to solve this session sharing??
>
> Thanks in advance.
>
> Arvind S
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org