This week's book giveaway is in the Jobs Discussion forum.
We're giving away four copies of Java Interview Guide and have Anthony DePalma on-line!
See this thread for details.
The moose likes Servlets and the fly likes Session Information / Multiple Containers Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Information / Multiple Containers" Watch "Session Information / Multiple Containers" New topic

Session Information / Multiple Containers

Josh Anderson

Joined: Nov 24, 2003
Posts: 3
I have done much reading on multiple sites and found some dated info about my problem and I was wondering if there were better answers now that a few years have passed. I apologize if this question has been asked on this forum, but I did make an effort to find a similar thread.

My situation:

Oracle 9i appserver and database

We currently run an aging application that is slowly being rewritten. One of the main problems of the old application is the entire business application is lumped into one application.

For example if we had a problem with one of areas such as accounting all of our divisions (HR, purchasing, etc) would have to be stopped because of accounting.

In future development they would like each 'department' if you will to have its own container, so in other words accounting one be container1, hr would be 2, etc.

The main problem I am coming across is certain employees will need to go back and forth between some of these applications because they work in multiple departments.

I usually store Employee ID information in the session when they login so they can be authorized as they move around, but the sessions do not share information if the container is switched.

For example:
Application 1 -- User signs in and authenticates, loads ID info, loads other info

User descides to use Application 2 linked from Application 1 (in a separate container) -- all ID info is gone, now it must be reloaded or reauthenticated.

In the forums the information I have read says that most app servers DO NOT support a way to share session information between containers, but I can't imagine our company is the first to try to implement something of this nature.

So how have people been getting around this problem?

Nothing is obvious to the uninformed.
Eddy Lee Sin Ti
Ranch Hand

Joined: Oct 06, 2005
Posts: 135
You might need a framework for single signon security feature
Check this out Java Open Single Sign-On Project

SCJP, SCWCD, SCJWS, IBM 700,IBM 701, IBM 704, IBM 705, CA Clarity Technical<br /> <br /><a href="" target="_blank" rel="nofollow"></a>
Josh Anderson

Joined: Nov 24, 2003
Posts: 3
Thank you for the reply, but unfortunately we currently have a custom built single sign application for our environment that needs to be used. It handles most of our application level roles as well, so this is not an option.

Truthfully, I need to find a way to use what is in the session and 'move' it to another session.
Eddy Lee Sin Ti
Ranch Hand

Joined: Oct 06, 2005
Posts: 135
I see.

My suggestions include:

1. Put the security tokens into more global location (such as entity bean, db) where multiple containers can lookup.

2. Implement your own session serialization mechanism between containers. This mechanism can be as simple as serialize the session contents into XML or Java serialization (if destination container also Java-based) and transfer it to the container. You can create a servlet to handle such cross container request.

Hope it helps.
I agree. Here's the link:
subject: Session Information / Multiple Containers
It's not a secret anymore!