Posted to users@tomcat.apache.org by "Preuss, Jacqueline - ENCOWAY" <Pr...@encoway.de> on 2007/09/12 11:05:45 UTC

Tomcat and SessionHandling

Hi, I'm new here!

Generally, I'm new to the topic of servlets etc., so I hope I can explain my problem well.

In our company we work with some web applications running in Internet Explorer. We want to use Tomcat as servlet engine / webserver. The problem is the session handling of Tomcat. For the application the user authenticates with username, password and domain (i.e. Windows authentication). The user can select different items in the application e.g. quotes. Every quote is opened in a new browser window. If we use Tomcat, all quotes of the user are saved under the same session, i.e. the session id is always the same. That's a problem for us, because we need a new session for every single quote. So, is there a possibility to implement our own session handling for Tomcat? If yes, how? What would you suggest? Can we use a filter for Tomcat to renew or clear the session?

I hope this is the right place to post. Thanks for help.

Jacqueline Preuß


Re: Tomcat and SessionHandling

Posted by Pid <p...@pidster.com>.
Preuss, Jacqueline - ENCOWAY wrote:
> Hi, I'm new here!
>
> Generally, I'm new to the topic of servlets etc., so I hope I can explain my problem well.
>
> In our company we work with some web applications running in Internet Explorer. We want to use Tomcat as servlet engine / webserver. The problem is the session handling of Tomcat. For the application the user authenticates with username, password and domain (i.e. Windows authentication). The user can select different items in the application e.g. quotes. Every quote is opened in a new browser window. If we use Tomcat, all quotes of the user are saved under the same session, i.e. the session id is always the same. That's a problem for us, because we need a new session for every single quote. So, is there a possibility to implement our own session handling for Tomcat? If yes, how? What would you suggest? Can we use a filter for Tomcat to renew or clear the session?

Sounds a bit screwy, starting with the opening of a new window for every
item...

I'm not really sure where to start, so I'll state outright that
implementing your own session management scheme is probably a really bad
idea, and a can of worms that you definitely do not want to open if
you're new to Servlets.

The session id really should be consistent throughout a user's visit,
that's kind of the point of it - and authentication could be impossible
without it (depending on your plan).

If you describe exactly what you're doing with the session id that
requires it to be different each time maybe we can suggest a better
alternative.


p




> I hope this is the right place to post. Thanks for help.
>
> Jacqueline Preuß


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat and SessionHandling

Posted by "Preuss, Jacqueline - ENCOWAY" <Pr...@encoway.de>.
Hi,

thanks for your replies.

After doing a little research here :-) I'll try to explain the problem in more detail.

We are integrated into an existing web application from Microsoft. This application runs in IE and is user specific. You can manage and administer some issues. So our application is part of this, i.e. it is a web application in it. If you go to a special part of the Microsoft site, our site appears, which lets the user configure the current issue (e.g. a quote maybe). For every configuration we need a new session. This is the standard here and it works for all cases except in this Microsoft case, because all actions the user does are under the same session. So if the user configures a quote and doesn't save it, and then he opens a new one and tries to configure it, the data of the first configuration is lost.

What we did to solve the problem was to implement our own servlet engine which uses a special session id ("mysessionid"), which is the id of the quote for example, and finally replaces it with "jsessionid". So every new quote call got a new session id. But it is difficult to implement a perfect servlet engine, so the idea is to use Tomcat and customize the session handling.

I hope it's getting clearer now? If not, sorry.

Jacqueline.

> -----Original Message-----
> From: Pid [mailto:p@pidster.com]
> Sent: Wednesday, 12 September 2007 12:47
> To: Tomcat Users List
> Subject: Re: Tomcat and SessionHandling
> 
> Leon Rosenberg wrote:
> > first, if you are new to servlets and webapps, you should probably
> > hire a consultant in your area to help you out a little, and there are
> > many in Germany.
> >
> > second, you don't need own session handling, what you do need is a
> > context for each window in your session, so the data for the window is
> > set in the context. This implies that you have somehow to identify in
> > which context a window is. The standard way of doing it with cookie,
> > doesn't work for you (either way you'd had no problems with sessions),
> > so the easiest way is to append a context id to each relevant link in
> > the window. This can be done manually, if the link count is low, or
> > via an own HttpServletRequest wrapper with encoding methods, or (but
> > really ugly) by a filter which rewrites the response afterwards.
> > I would highly recommend you to add the context id manually to each
> > link in the window; it's maybe more work at the beginning and not
> > fancy, but it will work and be fault tolerant.
> >
> > So once you did that, you have a map with contextId-contextdata
> > relationship in the session, retrieve the proper contextdata from the
> > session in a filter and add it as request attribute, work with it in
> > servlets/actions whatever and use the proper context id in the links.
> > You could also make the context object ThreadLocal, and spare
> > HttpServletRequest passing through methods.
> >
> > Pretty simple actually.
> 
> They might just need to use request attributes or parameters, which
> would be even simpler...
> 
> p
> 
> 
> 
> > regards
> > Leon


Re: Tomcat and SessionHandling

Posted by Pid <p...@pidster.com>.
Leon Rosenberg wrote:
> first, if you are new to servlets and webapps, you should probably
> hire a consultant in your area to help you out a little, and there are
> many in Germany.
>
> second, you don't need own session handling, what you do need is a
> context for each window in your session, so the data for the window is
> set in the context. This implies that you have somehow to identify in
> which context a window is. The standard way of doing it with cookie,
> doesn't work for you (either way you'd had no problems with sessions),
> so the easiest way is to append a context id to each relevant link in
> the window. This can be done manually, if the link count is low, or
> via an own HttpServletRequest wrapper with encoding methods, or (but
> really ugly) by a filter which rewrites the response afterwards.
> I would highly recommend you to add the context id manually to each
> link in the window; it's maybe more work at the beginning and not
> fancy, but it will work and be fault tolerant.
> 
> So once you did that, you have a map with contextId-contextdata
> relationship in the session, retrieve the proper contextdata from the
> session in a filter and add it as request attribute, work with it in
> servlets/actions whatever and use the proper context id in the links.
> You could also make the context object ThreadLocal, and spare
> HttpServletRequest passing through methods.
> 
> Pretty simple actually.

They might just need to use request attributes or parameters, which
would be even simpler...

p





Re: Tomcat and SessionHandling

Posted by Leon Rosenberg <ro...@googlemail.com>.
first, if you are new to servlets and webapps, you should probably
hire a consultant in your area to help you out a little, and there are
many in Germany.

second, you don't need own session handling, what you do need is a
context for each window in your session, so the data for the window is
set in the context. This implies that you have somehow to identify in
which context a window is. The standard way of doing it with cookie,
doesn't work for you (either way you'd had no problems with sessions),
so the easiest way is to append a context id to each relevant link in
the window. This can be done manually, if the link count is low, or
via an own HttpServletRequest wrapper with encoding methods, or (but
really ugly) by a filter which rewrites the response afterwards.
I would highly recommend you to add the context id manually to each
link in the window; it's maybe more work at the beginning and not
fancy, but it will work and be fault tolerant.

So once you did that, you have a map with contextId-contextdata
relationship in the session, retrieve the proper contextdata from the
session in a filter and add it as request attribute, work with it in
servlets/actions whatever and use the proper context id in the links.
You could also make the context object ThreadLocal, and spare
HttpServletRequest passing through methods.

Pretty simple actually.

regards
Leon
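
The per-window context described in the message above, sketched as an added example that is not part of the original thread or of Tomcat: a servlet filter that keeps the container's single authenticated session and resolves a context id from each link to per-window data stored inside that session. The class name, the "ctx" parameter, the attribute names and the cap of 20 contexts are assumptions made for illustration; the javax.servlet API is the one in use at the time of the thread.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: one HttpSession per user, one context per browser window. */
public class WindowContextFilter implements Filter {
    static final String PARAM = "ctx";               // assumed link parameter name
    static final String MAP_ATTR = "windowContexts"; // assumed session attribute name
    static final int MAX_CONTEXTS = 20;              // assumed cap, bounds session memory
    private static final SecureRandom RNG = new SecureRandom();

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    @SuppressWarnings("unchecked")
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession session = req.getSession();
        Map<String, Map<String, Object>> contexts;
        synchronized (session) { // two windows may send their first request together
            contexts = (Map<String, Map<String, Object>>) session.getAttribute(MAP_ATTR);
            if (contexts == null) {
                contexts = new ConcurrentHashMap<String, Map<String, Object>>();
                session.setAttribute(MAP_ATTR, contexts);
            }
        }
        String id = req.getParameter(PARAM);
        // The id is looked up only in the caller's own session, so an id copied
        // from another user resolves to nothing and is replaced by a new context.
        if (id == null || !contexts.containsKey(id)) {
            if (contexts.size() >= MAX_CONTEXTS) {
                ((HttpServletResponse) rs).sendError(
                        HttpServletResponse.SC_CONFLICT, "too many open windows");
                return;
            }
            id = Long.toHexString(RNG.nextLong()); // issued by the server, never by the client
            contexts.put(id, new ConcurrentHashMap<String, Object>());
        }
        req.setAttribute("ctxId", id);             // pages append ?ctx=<id> to every link
        req.setAttribute("ctx", contexts.get(id)); // per-window data for servlets/actions
        chain.doFilter(rq, rs);
    }
}
```

Because the context map lives inside the authenticated session, login state and session expiry stay with the container while each window's unsaved data stays separate.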

