"Godbey, David" wrote:
> Good question! I've been wrestling with this problem for a different reason.
> Try tracking servlet sessions from a plugin without this class!
>
> I have a proposal.
>
> How do I go about requesting a method from Sun? And do you folks concur? Or
> do you have a better idea?
>
Feedback on the servlet API should go to the email address on the front cover of
the servlet spec:
[EMAIL PROTECTED]
See below for comments related to your specific problem.
>
> Problem:
>
> Applet-servlet communication when applet lives in Java JRE plugin (1.2 for
> example).
>
> When an applet is running in JRE plugin (I assume plugins will be around for
> as long as browser releases lag Java releases), it is actually running in a
> different application than the browser. As a result, they do not share
> cookies.
>
> What this means is that it is difficult tracking servlet sessions given this
> situation.
>
> Temporary solution:
>
> A temporary solution is to capture the sessionId first trip to servlet and
> pass it back and forth between applet and servlet subsequently to maintain
> state. To set the desired session containing the session variables of
> interest, you can use HttpSession.getSessionContext, then pass the sessionId
> string to the HttpSessionContext.getSession method to get your old session
> back.
>
If your applet can find out what the "real" session ID is this way, why do you
then need to do anything special on subsequent requests from the applet? As
long as your request is formatted the same way that the browser would do it
(either with a session cookie or the appropriate URL rewriting), then the
standard session support inside the servlet container will be utilized.
Let's take that a little slower to see what I'm talking about. In the
formatting details I'm assuming that you are talking to a 2.2-compliant servlet
container, where the mechanism by which the session ID is passed back and forth
is standardized and therefore portable. If you're on an earlier rev of the
servlet API spec, you'll need to mimic what your current servlet engine expects.
* When the applet is initialized, it needs to be told what session ID to
access (i.e. the same one your page is using). The simplest way to
do this is, as you are generating the <applet> tag in a servlet or JSP
page, just include an applet initialization parameter containing the
session id.
* On subsequent requests to the server, format the request the same way
the browser would. If you are using cookies, that means adding a cookie
with the name "JSESSIONID" (as of the 2.2 spec) and a value equal to
the session identifier. If you're using URL rewriting, format your URL like
this:
http://www.mycompany.com/my/url;jsessionid=xxxxx
where "xxxxx" is the session ID.
* In your servlet that receives this request, just use the standard technique
of calling request.getSession(), and it will grab the same session (for the
applet) that your browser pages are using. Nothing special is required.
Doing things this way means that your pages and applets share the same session
ID, and therefore the same session.
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
