Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Sessions from multiple apps on single server...

 
Jay Howard
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Apologies in advance if this question is too basic...

One server, two web apps, each passing session IDs. User starts using first app and gets a session ID. Then, in the same browser window, navigates to and logs into the other app.

On the first request to the second app, the client is going to pass in a bogus session ID. (The one it got from the first app). Does the container:

1. Give the client a second session ID? If so, is the second ID stored as a second cookie or somehow appended to the original ID?
2. Replace the one from the first app, meaning the client can only have one active session per server?
3. Register the same session ID to identify the user for two sessions, one with the first app and one with the second?
4. Something else entirely?
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Each web application has a disctinct base URI and therefore independent cookies.
Each also has its own session management so no crosspollination occurrs (nor is it possible, to prevent that question which is asked like clockwork).
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Apologies in advance if this question is too basic...
It's not a stupid question and there's no need to apologize for asking it.

As Jeroen said, this is a fairly common question here. Common enough that it made it into this discussion: http://www.coderanch.com/t/359805/Servlets/java/Top-Servlet-JSP-misconceptions

As you can see in the discussion, nobody has come up with a good theory as to why people who are new to servlets, so often go straight to an architecture that involves multiple apps (contexts) that need to share sessions?

Would you mind sharing what it is that you're trying to do or, if you came from another technology where this type of architecture is common, telling us what it is? Was it that applications are refered to as "contexts"? Did that make them seem like they were meant to be used as components within one application?
 
Jay Howard
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Would you mind sharing what it is that you're trying to do or, if you came from another technology where this type of architecture is common, telling us what it is? Was it that applications are refered to as "contexts"? Did that make them seem like they were meant to be used as components within one application?


Not trying to do anything in particular, the thought just occurred to me as I was reading through the book. Was one of those, "Gee, wonder how that is resolved?" kind of things. Might be worth one of those "question bubbles" in the book if/when they come out with a new edition.

So now I understand things from the server side, but what about the browser? It doesn't have a DD at its disposal to know where one app ends and another begins. The first time the user accesses the second app, does his browser pass in a bogus session cookie (i.e. the one it got from the first app)? In general, how does the browser keep track of which session cookies to pass to which URLs? Does it go by directory structure, i.e. if it gets cookie A from "/foo/index.html" then it passes A to "/foo/bar/index.html", et. al.?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is a set of response headers grabbed with HttpLiveHeaders
http://livehttpheaders.mozdev.org/

Note the path attribute:
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic