*
The moose likes Servlets and the fly likes Sessions from multiple apps on single server... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Sessions from multiple apps on single server..." Watch "Sessions from multiple apps on single server..." New topic
Author

Sessions from multiple apps on single server...

Jay Howard
Greenhorn

Joined: Mar 01, 2005
Posts: 6
Apologies in advance if this question is too basic...

One server, two web apps, each passing session IDs. User starts using first app and gets a session ID. Then, in the same browser window, navigates to and logs into the other app.

On the first request to the second app, the client is going to pass in a bogus session ID. (The one it got from the first app). Does the container:

1. Give the client a second session ID? If so, is the second ID stored as a second cookie or somehow appended to the original ID?
2. Replace the one from the first app, meaning the client can only have one active session per server?
3. Register the same session ID to identify the user for two sessions, one with the first app and one with the second?
4. Something else entirely?
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
Each web application has a disctinct base URI and therefore independent cookies.
Each also has its own session management so no crosspollination occurrs (nor is it possible, to prevent that question which is asked like clockwork).


42
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Apologies in advance if this question is too basic...
It's not a stupid question and there's no need to apologize for asking it.

As Jeroen said, this is a fairly common question here. Common enough that it made it into this discussion: http://www.coderanch.com/t/359805/Servlets/java/Top-Servlet-JSP-misconceptions

As you can see in the discussion, nobody has come up with a good theory as to why people who are new to servlets, so often go straight to an architecture that involves multiple apps (contexts) that need to share sessions?

Would you mind sharing what it is that you're trying to do or, if you came from another technology where this type of architecture is common, telling us what it is? Was it that applications are refered to as "contexts"? Did that make them seem like they were meant to be used as components within one application?


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Jay Howard
Greenhorn

Joined: Mar 01, 2005
Posts: 6
Would you mind sharing what it is that you're trying to do or, if you came from another technology where this type of architecture is common, telling us what it is? Was it that applications are refered to as "contexts"? Did that make them seem like they were meant to be used as components within one application?


Not trying to do anything in particular, the thought just occurred to me as I was reading through the book. Was one of those, "Gee, wonder how that is resolved?" kind of things. Might be worth one of those "question bubbles" in the book if/when they come out with a new edition.

So now I understand things from the server side, but what about the browser? It doesn't have a DD at its disposal to know where one app ends and another begins. The first time the user accesses the second app, does his browser pass in a bogus session cookie (i.e. the one it got from the first app)? In general, how does the browser keep track of which session cookies to pass to which URLs? Does it go by directory structure, i.e. if it gets cookie A from "/foo/index.html" then it passes A to "/foo/bar/index.html", et. al.?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Here is a set of response headers grabbed with HttpLiveHeaders
http://livehttpheaders.mozdev.org/

Note the path attribute:
 
jQuery in Action, 2nd edition
 
subject: Sessions from multiple apps on single server...
 
Similar Threads
Session-timeout problem on Oracle 10.1.2.0.2 application server
what is meant by persistant state
Sharing session across servlet context
Is it possible to merge two session?
Chapter 6(Session Management) notes (HFSJ) for revision