-Tim
Tim Funk wrote:
You can't, you must use a Valve if you need to grab a Session from another source than the standard spec stated ways. Any other servlet vendor should have a similar answer. If they deviate from the above answer, they lie.
-Tim
Justin Ruthenbeck wrote:
A general Tomcat question, irrespective of Tomcat version or platform. Here goes...
For Http requests, JSESSIONID values are passed to the server from either a cookie stored by the browser or an additional parameter included in the request. Tomcat creates the appropriate HttpSession object before control gets to the Filter and/or Servlet and makes it available via HttpServlerRequest#getSession(boolean). This is fine.
I have a situation now where the JSESSIONID comes from an alternate source (encoded in the body of the message, for example). Custom code at the Filter level can parse the message body and find the JSESSIONID. Tomcat, however, doesn't know this and therefore does not grab the correct HttpSession and make it available through HttpServletRequest#getSession().
Given the following constraints, does anyone have any ideas?
(1) The client is not capable of understanding 302 (Redirect) responses.
(2) No modification of *internal* Tomcat classes are possible. Usage of Tomcat specific Valves/etc. are possible.
(3) If possible, Servlet code should not change. I would much prefer all logic to exist in a Filter (if not possible, this is flexible).
(4) If possible, I don't want to maintain a separate collection of HttpSession objects local to a given Object.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
