So I'd have a servlet mapped to /login.

Protect it with Basic Auth, so that takes care of the Auth, and then
you're passed on to the /login servlet.  This login servlet creates a
new session, and then does one extra step.
It maps in the ServletContext ('application') the custom session-num
you've just created, to the jsessionid.


Your client does not have cookies. It does not have a jsessionid in the
URL either.  So to Tomcat, any subsequent requests would appear to have
no session.  So...

Construct a filter, mapped to '/*' (everything).  In the filter,
retrieve the session-num from the request parameters, lookup the actual
jsessionid from the application context, and then .... 
This is where it gets fuzzy for me...

1) 'append' the jsessionid as a parameter and doChain() ? (that probably
won't work, jsessionid in the URL is more special than just 'another
parameter').

2) 'rewrite' the URL yourself, placing the jsessionid where it ought to
be
http://www.foo.com/originalURI;jsessionid=56D49A19C332F095C79CABFC621B50B1.tomcat2?originalParam1=A&originalParam2=B&etc
And then .forward() this request, but don't doChain().



Is any of that craziness ??




> -----Original Message-----
> From: Sandy McArthur [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, April 07, 2004 10:45 AM
> To: Tomcat Users List
> Subject: Re: Custom session tracking method?
> 
> 
> The first request the legacy app makes is to /login which it uses your
> normal Basic authentication which is nice because I can use a standard
> Realm. In the response to /login is a session number the client should
> use along with some data about the user's account. Unfortunately the
> session number must fit in a 4 byte integer in the app. :( After that
> the session is passed around via the session-num query param.
> 
> Sandy McArthur
> 
> On Apr 7, 2004, at 11:33 AM, Mike Curwen wrote:
> 
> > How does your legacy client *first* get the session id ?
> >
> >>> the client passes session ids as a query
> >>> parameter named 'session-num'
> >
> >
> > From whence does the "session-num" query parameter come?  Does the
> > legacy client create a random number and use it?  Do the cgi scripts
> > pass it back on a login of some sort, and then from that point, the
> > legacy app appends it to any further queries?
> >
> >
> >
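
The session-num to jsessionid map described in the reply above, as an added example that is not code from this thread or from Tomcat. `SessionNumRegistry`, its method names and the sample id are hypothetical, and it assumes one instance is stored as a ServletContext attribute shared by the /login servlet and the filter.

```java
import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;

/** Added example (hypothetical class): session-num -> jsessionid map for the ServletContext. */
public class SessionNumRegistry {
    private static final class Entry {
        final String jsessionid;
        volatile long lastUsed;
        Entry(String id, long now) { jsessionid = id; lastUsed = now; }
    }
    private final ConcurrentHashMap<Integer, Entry> map = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long idleMillis;

    public SessionNumRegistry(long idleMillis) { this.idleMillis = idleMillis; }

    /** Called by the /login servlet once the session exists; returns the number for the client. */
    public int register(String jsessionid) {
        Entry e = new Entry(jsessionid, System.currentTimeMillis());
        int num;
        do { num = rng.nextInt(); }               // all 32 bits from a CSPRNG, never a counter
        while (map.putIfAbsent(num, e) != null);  // a collision must not overwrite a live entry
        return num;
    }

    /** Called by the filter with the raw 'session-num' parameter; null means "no session". */
    public String resolve(String rawParam) {
        int num;
        try { num = Integer.parseInt(rawParam); } // rejects null, non-numeric, out-of-range
        catch (NumberFormatException ex) { return null; }
        Entry e = map.get(num);
        if (e == null) return null;
        long now = System.currentTimeMillis();
        if (now - e.lastUsed > idleMillis) {      // stale numbers must stop resolving
            map.remove(num, e);
            return null;
        }
        e.lastUsed = now;
        return e.jsessionid;
    }

    /** Called on logout, or from an HttpSessionListener when the session is destroyed. */
    public void remove(int num) { map.remove(num); }

    public static void main(String[] args) {
        SessionNumRegistry reg = new SessionNumRegistry(30 * 60 * 1000L);
        int num = reg.register("CONSTRUCTED0123456789ABCDEF.tomcat2"); // constructed sample id
        System.out.println(reg.resolve(Integer.toString(num)));  // the registered id
        System.out.println(reg.resolve("not-a-number"));         // rejected input
    }
}
```

A 4-byte number is a small space for a session token, so the registry should sit behind a short idle timeout and a limit on failed lookups per client. The number also travels in the query string, where it ends up in access logs.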

