On Tue, 13 Mar 2001, Milt Epstein wrote:
> On Fri, 9 Mar 2001, Richard Yumul wrote:
>
> > Actually, that helps considerably; Is that part of the servlet spec,
> > or is that just a feature of Tomcat?
>
> Not sure exactly. I think it has to at least be partly part of the
> spec, because getContext() is part of the API. But I don't know
> exactly what the spec has to say about it (of course, you can go read
> the spec, it's available at sun, and relatively easy reading, as these
> things go :-).
>
http://java.sun.com/products/servlet/download.html :-)
> Also, Tomcat is supposed to be the reference implementation of the
> spec, so you'd think they'd stick to it pretty closely.
>
>
> > I guess what I really am asking is it possible to share the
> > HttpSession object between web apps?
>
> Not really sure on this -- I think there may be some complications in
> trying to do this. I have seen some discussion of this on another
> servlet-related list I'm on -- servlet-interest, run by Sun. You
> might check there -- you can access the archives from:
>
No, it is not possible to share session attributes between web apps. This
is specifically prohibited in the spec. To understand why, think about
what happens when webapp A loads a class from its own WEB-INF/classes
directory and stores it as a session attribute. Now, let's assume that
the container allowed you to reference the session from webapp B -- if you
try to access that session attribute, you would get either
ClassNotFoundException (because the class is not visible to webapp B's
class loader) or ClassCastException (because a class "foo" loaded from
webapp A's class loader is not the same as a class "foo" loaded from
webapp B's class loader).
Tomcat 4.0 includes optional "single sign on" support that allows a user
to authenticate themselves once across a set of cooperating web
applications on the same virtual host. However, the user still ends up
with a session on each web application.
Craig McClanahan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
