aspose file tools*
The moose likes Servlets and the fly likes Basic question in sessions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Basic question in sessions" Watch "Basic question in sessions" New topic
Author

Basic question in sessions

Ram Gokul
Ranch Hand

Joined: Oct 07, 2005
Posts: 85
Hi,
Is HttpSession an attribute of a container or for a webapplication ?
If I forward the request from app to another app , with jsessionid , will i be able to see the login user ( which is a session attribute ) in the second app also.

ie. From http://myname.com/myfirstapp/logon.jsp--> I forward to servlet which intializes the login user object and based on parameters , forward it to http://myname.com/secondapp/ with URL rewriting ..In this second app , can i see the User object.

I tried and it is not working but i think it should . Maybe I am making mistake in session rewriting ..Any advice.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

You shouldnt be able to. The session was created for that application and that application only. You cant use the jsessionID for other applications since the container will not be able to associate with that session. Imagine if you could log into yahoo and be redirected to hotmail (and logged in automatically) just because you have a jsessionID allocated to the user. Yikes !


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
Ram Gokul
Ranch Hand

Joined: Oct 07, 2005
Posts: 85
OK.I see your point .
I am in the process of developing a SSO page where in a User logs in once and gets the menu . From that menu he can launch different applications . ( reports / UI / lookups) .They are in the same container but different Contexts .
How do i achive this then ? Any ideas.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661
    
    5

You would have to do it with Kerberos , GSS i guess. I have not implemented this at any point in my life but I did find some nice articles about it on the net.

http://www-128.ibm.com/developerworks/java/library/j-gss-sso/

http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html

Check if they work out for you. Some interesting stuff. So interesting that I am gonna try to implement it over the week end. Good luck
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
SSO implementation and configuration is container specific.The way its done on Tomcat 5.x is differernt from the way its done in OC4J or wepsphere or weblogic.
Look the vendors documentation.


Rahul Bhattacharjee
LinkedIn - Blog
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
In case you want to implement the same for Tomcat.

SSO in Tomcat 5.5
 
Don't get me started about those stupid light bulbs.
 
subject: Basic question in sessions