Re: Problem preserving HttpSession between HTTP and HTTPS pages

Tue, 16 Nov 1999 16:16:37 -0800 

Alex wrote:

> Correct but only for 2.0 servlet spec.
> HttpSessionContext interface has been deprecated as a
> whole in 2.1. You can no longer ask a servlet engine
> for a session by a session ID.
>

Right but if you are running within the same servlet engine (ServletContext)
then you can store our original session in the ServletContext, later in your
different URI, retrieve it and go. Something like this...

        String originalSessionId = req.getParameter("customerSessionId");
        if(originalSessionId != null)
        {
            ServletContext myServletContext = getServletContext();
            HttpSession originalSession =
(HttpSession)myServletContext.getAttribute(originalSessionId);
            myServletUtil.copySession(originalSession,session);
            //remove the original HttpSession instance from the
ServletContext
            myServletContext.removeAttribute(originalSessionId);
        }

If you are not in the same VM then Alex is right, there are lots of possible
hurdles to overcome in storing/restoring our original session and related
objects.

> If you're not running in a single VM or your sessions
> are persisted to disk or database, you can't use the
> approach above. In this case, your application needs
> to be explicitly designed for HTTP/HTTPS session
> affinity. The path of least resistance in this case is
> to restore the state (your session contents) from the
> well-known point (database, file, session manager
> somewhere), stuff it into your new session and go from
> there. Your business logic has to be careful with
> assumptions of continuity. Last but not least: if
> you're running in a distributed environment with
> sticky load-balancing, you can use the first approach.
>


========================================
Mike Fontenot - Object Systems Architect
Polygon Network, Inc.
Golden, CO
========================================

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to