Clarification -
With both approaches you are passing around a random session ID, not a
'stringified' session object or an account number.
Save your session settings in a user table, or in a "session" table that
maps a session ID to a user ID. Write a database job that deletes sessions
after x minutes of inactivity. You get the idea. Write to me off-line if
you need more detail on that.
Andy
-----Original Message-----
From: Andy LaMora [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 23, 2000 11:06
To: [EMAIL PROTECTED]
Subject: RE: Does session migration work with Tomcat ??
I don't have an example handy, but there are several ways of accomplishing
this.
The most standard approach is to save session information to user tables, or
name/value 'hash' type tables, in a central or clustered database. You can
then track session information in one of a couple fashions:
1. Cookies - save a session to a cookie, map the session to a userID in
the database. Make your ID complex to prevent random guessing of account
numbers.
2. URL rewriting - same basic approach as cookies, but pass the ID via the
querystring instead. MS Site Server uses this approach.
I believe HTTPServletSession uses the cookie approach automatically, but not
being an expert, I'm not 100% certain. Perhaps somebody could answer that
for us... ?
Andy LaMora
-----Original Message-----
From: Matthias Barmeier [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 23, 2000 10:54
To: [EMAIL PROTECTED]
Subject: Does session migration work with Tomcat ??
Hi,
is it possible to use session migration with tomcat ??
Or does anybody has a snippet or an url where I can get some hints ??
What I want is several tomcat servers behind a load balancing hardware that
are session aware.
Is this possible ??
Ciao
Matze
/*
Dipl.-Inform. Matthias Barmeier Tel: +49 (0)30 79 70 72 87
B�ro f�r Softwareentwicklung Fax +49 (0)30 79 70 72 88
Grunewaldstr. 18 Email: [EMAIL PROTECTED]
12165 Berlin WWW: <http://www.barmeier.com>
*/
