Re: Want to customise the tomcat's session logic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 11/9/2009 9:55 PM, André Warnier wrote: Christopher Schultz wrote: I wish you'd tell us what the heck you're trying to do because I'm certain there's an easier way to do it. Like maybe just add an attribute to the session, containing the path where the session was begat ? (if I remember the original exposé correctly) I was thinking of something even slightly more brute-force-y like: Write a filter (my favorite!) that you map multiple times to your webapp, once for each URI segment that represents the old, separate webapps. The filter wraps the request which wraps HttpSession objects handed-out by the requests. The HttpSession wrapped is configured with the URI segment from the old webapp and basically represents a prefix used to prepend to all session keys. The HttpSession object you get from the wrapper only gives you access to keys that have the proper prefix. So, the real session has data like: /oldWebappA:foo - This is a string from the old 'A' /oldWebappB:foo - This is a string from the old 'B' When the code from oldWebappA requests the value for the key foo, the wrapped HttpSession prepends /oldWebappA: to the beginning of the key and returns This is a string from the old 'A'. When the code from oldWebappB does the same, it gets This is a string from the old 'B'. You can also go crazy and use a search order like: a. If URI + key has a value, return that b. else, return value for just the bare key This would allow sessions to share /some/ data, but everything else would be segmented. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr50owACgkQ9CaO5/Lv0PBPfgCePjtorZAbO159mYG6FR+JSoGN /7oAnRJ1WSS6t73jk1SgcvHOK0jLj2YW =kKky -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to customise the tomcat's session logic
Ok, i think i see what you mean. As far as I know there is no quickwin for that. Web application suffer with this disease - that mean sharing session over tabs. You have got three choices to deal with that. A) You dont mind :) B) You will prevent to work in multitabs over one session C) You choose the third and the hardest - to support it :) Here are some ideas, but no of them is 100% 1) set tomcat to use URL rewriting indtead of cookies (http://tomcat.apache.org/tomcat-6.0-doc/config/context.html) 2) produce some tab/browser identification and divide session (maybe window.name property could be helpfull) 3) Look at JBoss Seam, it also support multitab browsing without harming session as i know. Good luck ;) 2009/11/7 S Arvind arvindw...@gmail.com: To my knowledge, there is no path attribute in the session. Are you proposing that you add one? deploy one app in tomcat by having context xml in catalinadomainxxx.xml . When you access this app check the session u will find the path attribute with xxx in it. So... do you mean that you want to deploy one web application (into a single context), but you want to separate certain parts of the session into different areas of the webapp? yes I don't believe that deploying the same webapp multiple times into different contexts has any effect on session sharing: Tomcat will treat them as different webapps and no session sharing will occur unless you have taken other steps to share sessions between contexts. Session sharing will not occur for different context. But i need to have single context still session should not be shared. Is it possible in single context.?? Consider i have one login app, after login i track the state by session. First i login that website in single tab in browser and session was created with details in it. And in another tab or window i need to login with different username without sharing the session. But if i did this first created session was overwrite by second session. Wat i need is two different session for same webapp running under single tomcat??? IS it possible?? Arvind S Many of lifes failure are people who did not realize how close they were to success when they gave up. -Thomas Edison On Sat, Nov 7, 2009 at 7:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arvind, On 11/2/2009 5:06 AM, S Arvind wrote: Basically my requirement is ability to control the session sharing in browser. Till now we maintained each application as different context but pointing to same doc-base. So different web application will be running on a same code to control the session sharing between different application. I don't believe that deploying the same webapp multiple times into different contexts has any effect on session sharing: Tomcat will treat them as different webapps and no session sharing will occur unless you have taken other steps to share sessions between contexts. But now we want to run in same context as one application but control the session sharing. So... do you mean that you want to deploy one web application (into a single context), but you want to separate certain parts of the session into different areas of the webapp? So i planned to customise session creation n management of the tomcat to our requirements to add some value to *path* attribute in session. Is this possible? To my knowledge, there is no path attribute in the session. Are you proposing that you add one? Modifying Tomcat's session management code is probably going to lead you down a path that leads to insanity: the APIs are not (officially) stable, there is no standard, etc. I suspect there is a better way to accomplish what you want to do... I just don't really understand what you want to do. Instead of speaking in generalities, why not give us a use case? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr00RcACgkQ9CaO5/Lv0PBeqwCfQK7r/8a0jn2jiHxyLkU0ypyA uXUAn19ms08C6ydU6DvZTdg6Ep6za6at =kDId -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to customise the tomcat's session logic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arvind, On 11/7/2009 11:35 PM, S Arvind wrote: is it possible to provide costume sessionid while creating session.? so that different time when session needs to be created i can create new sessionid and store it in cookie. No, you can't customize the session id, but you can register a listener that will be notified of session creation events: http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/http/HttpSessionListener.html Note that there aren't any objects available during this method that will let you set a cookie on the request. For that, you could write a Filter that wraps the request to intercept calls to getSession() and make sure that, if a session is created, your cookies are written as well. I wish you'd tell us what the heck you're trying to do because I'm certain there's an easier way to do it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr4m2MACgkQ9CaO5/Lv0PCA+QCcCI3cfZTtJx9C4d1O/hvT+Rux kLcAoLlTj04s7st0Sd4+B9rpx48TPVx8 =ZQDV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Want to customise the tomcat's session logic
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Want to customise the tomcat's session logic No, you can't customize the session id Well, you can, sort of. The StandardManager can be configured to use a specific algorithm for the message digest calculation. If you create a custom security provider, you could generate whatever digest value desired. However, it would probably be easier just to create a custom manager class, thereby allowing pretty much any session id desired. http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Want to customise the tomcat's session logic
Christopher Schultz wrote: I wish you'd tell us what the heck you're trying to do because I'm certain there's an easier way to do it. Like maybe just add an attribute to the session, containing the path where the session was begat ? (if I remember the original exposé correctly) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to customise the tomcat's session logic
To my knowledge, there is no path attribute in the session. Are you proposing that you add one? deploy one app in tomcat by having context xml in catalinadomainxxx.xml . When you access this app check the session u will find the path attribute with xxx in it. So... do you mean that you want to deploy one web application (into a single context), but you want to separate certain parts of the session into different areas of the webapp? yes I don't believe that deploying the same webapp multiple times into different contexts has any effect on session sharing: Tomcat will treat them as different webapps and no session sharing will occur unless you have taken other steps to share sessions between contexts. Session sharing will not occur for different context. But i need to have single context still session should not be shared. Is it possible in single context.?? Consider i have one login app, after login i track the state by session. First i login that website in single tab in browser and session was created with details in it. And in another tab or window i need to login with different username without sharing the session. But if i did this first created session was overwrite by second session. Wat i need is two different session for same webapp running under single tomcat??? IS it possible?? Arvind S Many of lifes failure are people who did not realize how close they were to success when they gave up. -Thomas Edison On Sat, Nov 7, 2009 at 7:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arvind, On 11/2/2009 5:06 AM, S Arvind wrote: Basically my requirement is ability to control the session sharing in browser. Till now we maintained each application as different context but pointing to same doc-base. So different web application will be running on a same code to control the session sharing between different application. I don't believe that deploying the same webapp multiple times into different contexts has any effect on session sharing: Tomcat will treat them as different webapps and no session sharing will occur unless you have taken other steps to share sessions between contexts. But now we want to run in same context as one application but control the session sharing. So... do you mean that you want to deploy one web application (into a single context), but you want to separate certain parts of the session into different areas of the webapp? So i planned to customise session creation n management of the tomcat to our requirements to add some value to *path* attribute in session. Is this possible? To my knowledge, there is no path attribute in the session. Are you proposing that you add one? Modifying Tomcat's session management code is probably going to lead you down a path that leads to insanity: the APIs are not (officially) stable, there is no standard, etc. I suspect there is a better way to accomplish what you want to do... I just don't really understand what you want to do. Instead of speaking in generalities, why not give us a use case? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr00RcACgkQ9CaO5/Lv0PBeqwCfQK7r/8a0jn2jiHxyLkU0ypyA uXUAn19ms08C6ydU6DvZTdg6Ep6za6at =kDId -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Want to customise the tomcat's session logic
From: S Arvind [mailto:arvindw...@gmail.com] Subject: Re: Want to customise the tomcat's session logic deploy one app in tomcat by having context xml in catalinadomainxxx.xml . When you access this app check the session u will find the path attribute with xxx in it. You're confusing the session with the cookie. The session is a spec-defined object in the JVM heap, whereas the cookie is the standard means of passing an id associated with the session to the client. The path information in the cookie normally reflects the URI used when the cookie was generated by the server, but it doesn't have to. Wat i need is two different session for same webapp running under single tomcat??? I don't think either the servlet spec or any browsers will support that. You'll need to generate your own set of cookies, separate from session handling. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to customise the tomcat's session logic
is it possible to provide costume sessionid while creating session.? so that different time when session needs to be created i can create new sessionid and store it in cookie. Many of lifes failure are people who did not realize how close they were to success when they gave up. -Thomas Edison On Sun, Nov 8, 2009 at 5:15 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: S Arvind [mailto:arvindw...@gmail.com] Subject: Re: Want to customise the tomcat's session logic deploy one app in tomcat by having context xml in catalinadomainxxx.xml . When you access this app check the session u will find the path attribute with xxx in it. You're confusing the session with the cookie. The session is a spec-defined object in the JVM heap, whereas the cookie is the standard means of passing an id associated with the session to the client. The path information in the cookie normally reflects the URI used when the cookie was generated by the server, but it doesn't have to. Wat i need is two different session for same webapp running under single tomcat??? I don't think either the servlet spec or any browsers will support that. You'll need to generate your own set of cookies, separate from session handling. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to customise the tomcat's session logic
On Mon, Nov 2, 2009 at 5:03 AM, Pid p...@pidster.com wrote: On 02/11/2009 10:06, S Arvind wrote: Hi Tomcat developers, Bascially my requirement is ability to control the session sharing in browser. Till now we maintained each application as differnet context but pointing to same doc-base. So different web application will be running on a same code to control the session sharing between different application . But now we want to run in same context as one application but control the session sharing. So i planned to customise session creation n management of the tomcat to our requirements to add some value to *path*attribute in session. Is this possible? I'm not sure your question is very clear, perhaps if you are able to make your question clearer someone will be able to help. If I understand correctly, you want to combine apps under a single context, but you still want some control over data in session, perhaps using a 'path' within the session object to store different values for different 'apps.' I know next to nothing about session management infrastructure in tomcat, but I happened to notice another mail o the list that mentioned the SessionManager which is specified in context.xml (I think). Based on that small piece of information, I'm guessing that you could provide your own SessionManager, which is likely responsible for creating new sessions and managing existing sessions. If so, it seems likely that you can manage sessions any way you'd like. For instance, whenever the session object is accessed, you could first inject the current 'path' for the request based on attributes in the request object, which would cause all attributes to be set with that path prefix in the session during that request. Documentation for the SessionManager object is here: http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html
Re: Want to customise the tomcat's session logic
On 02/11/2009 10:06, S Arvind wrote: Hi Tomcat developers, Bascially my requirement is ability to control the session sharing in browser. Till now we maintained each application as differnet context but pointing to same doc-base. So different web application will be running on a same code to control the session sharing between different application . But now we want to run in same context as one application but control the session sharing. So i planned to customise session creation n management of the tomcat to our requirements to add some value to *path*attribute in session. Is this possible? I'm not sure your question is very clear, perhaps if you are able to make your question clearer someone will be able to help. p Is there anyother way to solve this session sharing?? Thanks in advance. Arvind S - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
