Note that *just* storing the EJB reference on the HttpSession is
*not* sufficient, since the
HttpSession can in invaldiated or can timeout regardless of the fact
that the client does not
believe it has completed it's interaction with the server. Thus you
should encode the Serialized
Handle to the EJBObject as a Cookie in the HttpServletResponse and
restore it from the Cookie
retrurned in subsequent HttpServletRequest(s) (as per my previous
example).
Also note that until we introduce a better definition of an
Application Model for Servlets that
storing such state in the HttpSession object has security
implications in that it can be shared
across all Servlets in a web server ... we hope to fix this real
soon now as part of the JSP and
Servlet work we are doing for J2EE ...
Rgds
- Larry
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
