Try to use cookies, if you between ASP and JSP.to share information or you could the the URL like http://127.0.0.1/blah.jsp?login=edson
> ---------- > De: Schleimer, Ben[SMTP:[EMAIL PROTECTED] > Responder: Tomcat Users List > Enviada: quinta-feira, 27 de fevereiro de 2003 11:19 > Para: Tomcat Users List > Assunto: Sharing session info between Tomcat and IIS > > Hi, > > I am working on a project which must securely > Timeout the user for security purposes. Unfortunately, > all of the login/logout code has been written (not by > me) in ASP. I really want to use Servlets for the > project instead of ASP. I was thinking of storing the > user's last access time in the backend DB and updating > it everytime a user makes a request to Tomcat. But > this requires a DB lookup every request. Is there a > more direct way to communicate session info between > IIS and Tomcat? > > Thanks, > Ben > > --- Greg Speechley <[EMAIL PROTECTED]> wrote: > > Hi Yoav, > > > > I was wondering why using sessions is unreliable for > > tracking users who are > > logged in, getting last accessed time, etc? I would > > have thought that > > storing all the current sessions in a Vector (or > > some other data structure) > > with a User object (storing all their relevant info) > > bound to each session > > would work well. What alternative would you suggest > > because the situation > > described by R.C.Nougain sounds very similar to what > > we have where I work. > > > > Cheers > > Greg Speechley > > > > -----Original Message----- > > From: Shapira, Yoav [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, 26 February 2003 12:46 AM > > To: Tomcat Users List > > Subject: RE: Tomcat 4.1.18 session objects > > > > > > > > Howdy, > > > > >Where can I find the changes list from Tomcat 4.0.x > > to Tomcat 4.1.x. > > > > Download any release of tomcat. Explode the > > distribution and you'll see a > > bunch of release notes files, one for each labeled > > release, detailing what's > > new in that release. > > > > >| For each user session I store the reference| to > > the session in a Vector > > >so that I > > >| can tell what users are logged-in, > > last-accessed-time etc. It was working > > >fine > > >| in Tomcat 4.0.4. But in Tomcat4.1.18 (perhaps due > > to new specifications) > > >session > > >| objects are pooled (StandardSessionFactory) and > > hence the references I > > >| am storing in the Vector become useless across > > the jsp page calls. I have > > >a > > >| thread that uses this Vector to clean up the > > users that are timedout but > > >since > > >| the session refs in my Vector are useless I can > > do nothing. Instead of > > >| storing the refs if I store Session IDs then can > > I get ref to a session > > >from > > >| JSP Server so that I can get the attributes I > > have set in it. Please > > >comment. > > > > Since you only asked for comments... There is no new > > specification regarding > > http servlet sessions from tomcat 4.0 to 4.1. It's > > still the servlet spec > > v2.3. > > > > Your design is vulnerable to any changes in the > > container session façade > > implementation. Note that the container is not > > required to provide you with > > a session list per se. > > > > I don't think using sessions to track who's logged > > in and last-access-time > > for resources is reliable. But if you want to do it > > that way, write an > > HttpSessionListener. It was created for these sort > > of session tracking > > things. Move your vector into that listener. Add a > > reference each time a > > session is created, remove it when a session is > > destroyed. Add whatever > > other functionality you need to the listener. > > > > Yoav Shapira > > Millennium ChemInformatics > > > > > > > > This e-mail, including any attachments, is a > > confidential business > > communication, and may contain information that is > > confidential, proprietary > > and/or privileged. This e-mail is intended only for > > the individual(s) to > > whom it is addressed, and may not be saved, copied, > > printed, disclosed or > > used by anyone else. If you are not the(an) > > intended recipient, please > > immediately delete this e-mail from your computer > > system and notify the > > sender. Thank you. > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > ===== > "The competent programmer is fully aware of the strictly limited size of > his own skull; therefore he approaches the programming task in full > humility, and among other things he avoids clever tricks like the plague" > - Edsger Dijkstra > > http://snow.prohosting.com/bensch > > __________________________________________________ > Do you Yahoo!? > Yahoo! Tax Center - forms, calculators, tips, more > http://taxes.yahoo.com/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] >
