Originally posted by Susan Oso:
Can somebody explain how https can be used to maintain session state, as described in the Sun Certified Enterprise Architect for J2EE - Study Guide, p144?
www.classic-and-class.com - www.evalulearn.com
Interfaces are the glue of OO.
Originally posted by Thomas Taeger:
Could HTTPS turn the communication with a stateless Session EJB to a stateful communication so the same EJB would be locked for the duration of the HTTPS session? Thereby allowing multiple server turn-arounds within one HTTPS session?
Originally posted by Peer Reynders:
If it wants to allow a session it can return a unique session ID for the client to use on the next request. Given that SSL/TLS already tracks the session (state) it is no longer necessary to put a separate session identifier in an HTTP header or in the URL.
www.classic-and-class.com - www.evalulearn.com
Interfaces are the glue of OO.
Originally posted by Nathan Mathi:
I dont think communication protocol has any effect on functioning stateless/stateful beans.
www.classic-and-class.com - www.evalulearn.com
Interfaces are the glue of OO.
Originally posted by Thomas Taeger:
This statement uses "state" somehow synonymous to "session" or more precise to "session id", right?.
In a two tiered architecture, consider using long persistence contexts.
Database Transactions have to be as short as possible for best scalability. However, it is often neccessary to implement long running application transactions, a single unit-of-work from the point of view of a user. An application transaction might span several client request/response cycles. It is common to use detached objects to implement application transactions. An alternative, extremely appropriate in two tiered architecture, is to maintain a single open persistence contact (session) for the whole lifecycle of the application transaction and simply disconnect from the JDBC connection at the end of each request and reconnect at the beginning of the subsequent request. Never share a single session across more than one application transaction, or you will be working with stale data.
Originally posted by Peer Reynders:
As far as the SSL/TLS layer is concerned, the session id is the state. [...]
Originally posted by Peer Reynders:
So when you use HTTPS, the client's browser doesn't have to have cookies enabled, nor do you have to worry about URL-rewriting in your JSP pages.
Originally posted by Peer Reynders:
In order to use HTTPS with EJBs you will have to put a servlet between the client
www.classic-and-class.com - www.evalulearn.com
Interfaces are the glue of OO.
Originally posted by Susan Oso:
Can somebody explain how https can be used to maintain session state, as described in the Sun Certified Enterprise Architect for J2EE - Study Guide, p144?
Using the state in the SSL connection at the application level avoids the security problems associated with cookies or URL Rewriting, and enhances security because of the nature of SSL.
Originally posted by Thomas Taeger:
For business state - and this is the state we usually are interested in - we still need URL rewriting, Cookies and / or Statefull SessionBeans (SFSB, or outside of the exam maybe SFSB-alike replacements) as long as we use HTTPS or HTTP.
Originally posted by Thomas Taeger:
Also take into account that agents access needs to be twice as fast as customer access!
Originally posted by Peer Reynders:
And who brought EJBs into it, thereby confusing the issue, eh?
Originally posted by Susan Oso:
Can somebody explain how https can be used to maintain session state, as described in the Sun Certified Enterprise Architect for J2EE - Study Guide, p144?
www.classic-and-class.com - www.evalulearn.com
Interfaces are the glue of OO.
Regards, Abdul Mohsin
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime. |