Posted to users@tomcat.apache.org by Brian Moseley <bc...@maz.org> on 2005/11/09 19:54:20 UTC

disabling sessions in certain parts of a webapp

my web application has three separate interfaces: an html ui, webdav, 
and a custom http/xml protocol. clients of the latter two interfaces are 
unaware of the http session, so i'd prefer that sessions not even be 
constructed when requests come in through those interfaces.

i see that StandardManager and PersistentManager have maxActiveSessions 
attributes, which i could potentially set to 0, but that isn't a 
solution since i *do* want to have sessions for the html ui.

short of writing a new implementation of Manager, is there a way for me 
to specify that sessions should not be created for, say, all requests to 
/foo/*?

one idea was a filter that wraps the request with a class that overrides 
getSession. are there any drawbacks to that approach?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: disabling sessions in certain parts of a webapp

Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
That's weird... I actually had a part in my reply at the end that said
something like "this should work until some code after the filter tries to
access session" :)

Yep, absolutely, if there's a possibility of that then the wrapper is
definitely the way to go.

-- 
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: fzammetti@hotmail.com

On Wed, November 9, 2005 2:24 pm, Brian Moseley said:
> Frank W. Zammetti wrote:
>> I can't think of any drawbacks to the filter, and that's what I would
>> have suggested.  Although, it probably doesn't even have to be as
>> complicated as a wrapper... simply check for an existing session for
>> the paths you do want a session created for, and if none is present
>> go ahead and create it.  I *think* that would do the trick.
>
> well, i'm concerned about code executing further down the filter chain
> that calls request.getSession(). i don't own all of the code that i'm
> running :)
>
> that's why i thought of the wrapper. i can intercept calls to
> getSession() and always return null for the requests that should never
> get sessions, letting the calls through for the requests to the html ui.
>
> thanks for the feedback!


Re: disabling sessions in certain parts of a webapp

Posted by Brian Moseley <bc...@maz.org>.
Frank W. Zammetti wrote:
> I can't think of any drawbacks to the filter, and that's what I would have
> suggested.  Although, it probably doesn't even have to be as complicated
> as a wrapper... simply check for an existing session for the paths you do
> want a session created for, and if none is present go ahead and create it.
> I *think* that would do the trick.

well, i'm concerned about code executing further down the filter chain 
that calls request.getSession(). i don't own all of the code that i'm 
running :)

that's why i thought of the wrapper. i can intercept calls to 
getSession() and always return null for the requests that should never 
get sessions, letting the calls through for the requests to the html ui.

thanks for the feedback!


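The request-wrapper filter discussed in this thread, as an added example that is not code from either poster or from Tomcat. The class names are hypothetical, the filter is assumed to be mapped in web.xml only to the session-less interfaces (the thread's /foo/* example), and it assumes the javax.servlet API.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

// Hypothetical filter: map it to /foo/* (webdav, http/xml), not to the html ui.
public class NoSessionFilter implements Filter {

    // Hides the session from every filter and servlet further down the chain.
    static final class NoSessionRequest extends HttpServletRequestWrapper {
        NoSessionRequest(HttpServletRequest request) {
            super(request);
        }

        @Override
        public HttpSession getSession() {
            return getSession(true);
        }

        @Override
        public HttpSession getSession(boolean create) {
            // Never delegate to the wrapped request: delegating with
            // create == true is what makes the container build a session.
            return null;
        }
    }

    public void init(FilterConfig config) throws ServletException {
        // No configuration; the url-pattern in web.xml selects the paths.
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // Third-party code downstream only ever sees the wrapper.
            req = new NoSessionRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

The servlet API normally guarantees a non-null result from getSession() and getSession(true), so downstream code that dereferences the result without a null check will throw NullPointerException on the wrapped paths.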

Re: disabling sessions in certain parts of a webapp

Posted by "Frank W. Zammetti" <fz...@omnytex.com>.
I can't think of any drawbacks to the filter, and that's what I would have
suggested.  Although, it probably doesn't even have to be as complicated
as a wrapper... simply check for an existing session for the paths you do
want a session created for, and if none is present go ahead and create it.
I *think* that would do the trick.

-- 
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: fzammetti@hotmail.com

On Wed, November 9, 2005 1:54 pm, Brian Moseley said:
> my web application has three separate interfaces: an html ui, webdav,
> and a custom http/xml protocol. clients of the latter two interfaces are
> unaware of the http session, so i'd prefer that sessions not even be
> constructed when requests come in through those interfaces.
>
> i see that StandardManager and PersistentManager have maxActiveSessions
> attributes, which i could potentially set to 0, but that isn't a
> solution since i *do* want to have sessions for the html ui.
>
> short of writing a new implementation of Manager, is there a way for me
> to specify that sessions should not be created for, say, all requests to
> /foo/*?
>
> one idea was a filter that wraps the request with a class that overrides
> getSession. are there any drawbacks to that approach?