• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Sessions from multiple apps on single server...

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Apologies in advance if this question is too basic...

One server, two web apps, each passing session IDs. User starts using first app and gets a session ID. Then, in the same browser window, navigates to and logs into the other app.

On the first request to the second app, the client is going to pass in a bogus session ID. (The one it got from the first app). Does the container:

1. Give the client a second session ID? If so, is the second ID stored as a second cookie or somehow appended to the original ID?
2. Replace the one from the first app, meaning the client can only have one active session per server?
3. Register the same session ID to identify the user for two sessions, one with the first app and one with the second?
4. Something else entirely?
 
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Each web application has a disctinct base URI and therefore independent cookies.
Each also has its own session management so no crosspollination occurrs (nor is it possible, to prevent that question which is asked like clockwork).
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Apologies in advance if this question is too basic...
It's not a stupid question and there's no need to apologize for asking it.

As Jeroen said, this is a fairly common question here. Common enough that it made it into this discussion: https://coderanch.com/t/359805/Servlets/java/Top-Servlet-JSP-misconceptions

As you can see in the discussion, nobody has come up with a good theory as to why people who are new to servlets, so often go straight to an architecture that involves multiple apps (contexts) that need to share sessions?

Would you mind sharing what it is that you're trying to do or, if you came from another technology where this type of architecture is common, telling us what it is? Was it that applications are refered to as "contexts"? Did that make them seem like they were meant to be used as components within one application?
 
Jay Howard
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Would you mind sharing what it is that you're trying to do or, if you came from another technology where this type of architecture is common, telling us what it is? Was it that applications are refered to as "contexts"? Did that make them seem like they were meant to be used as components within one application?



Not trying to do anything in particular, the thought just occurred to me as I was reading through the book. Was one of those, "Gee, wonder how that is resolved?" kind of things. Might be worth one of those "question bubbles" in the book if/when they come out with a new edition.

So now I understand things from the server side, but what about the browser? It doesn't have a DD at its disposal to know where one app ends and another begins. The first time the user accesses the second app, does his browser pass in a bogus session cookie (i.e. the one it got from the first app)? In general, how does the browser keep track of which session cookies to pass to which URLs? Does it go by directory structure, i.e. if it gets cookie A from "/foo/index.html" then it passes A to "/foo/bar/index.html", et. al.?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is a set of response headers grabbed with HttpLiveHeaders
http://livehttpheaders.mozdev.org/

Note the path attribute:
 
reply
    Bookmark Topic Watch Topic
  • New Topic