You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ma...@smartmonsters.com on 2000/08/25 21:17:43 UTC
Sessions which span webapps?
Folks:
I'm having a problem which I would think would be fairly common. I would
like to use the ServletContext/webapp architecture to break a richly
functional Web site into multiple "applications" maintained by multiple
development groups. But at the same time I want to enable "single
sign-in" for users of the site. That is, a user should be able to
authenticate once, and all of the appropriate permissions, state,
preferences and so on for that user should be cached for fast lookup as
that user navigates throughout the site. In the pre-Tomcat world I used
to stash that info in the user's Session object, which is clean and sweet.
Under Tomcat, though, Session objects are specific to a particular
ServletContext/webapp, so that as the user navigates from one context to
another, a different Session object is assigned for each context.
Well -- I suppose it would be possible to work around this behavior. For
instance, you could create a global cache by putting a Singleton wrapper
around a Hashtable, then deposit a User object or something like that into
the global cache keyed by userID. The User object would have all the
permissions, state and preferences info which used to go into the Session.
But this will turn out to be a lot of work in practice because you'll
want to manage that cache to remove User objects when people leave the
site, and etc. etc. In other words you'll have to recreate much of the
functionality you get for free from the Session system.
Some app servers allow "global" Sessions which span webapps. I'm told
that WebSphere is one. Is there a way to configure a "global" Session
like this in Tomcat? Or is there a simple work around which allows us to
leverage the functionality already built into the Session system? How do
the rest of you deal with this issue?
Thanks!
--Mark