On Wed, 21 Nov 2001, Daniel Rall wrote:
> Date: Wed, 21 Nov 2001 11:36:07 -0800
> From: Daniel Rall <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Emulating JServ's session.topleveldomain with Catalina
>
> Using Tomcat 4.0.1, is there any way to emulate JServ's
> session.topleveldomain context configuration?
>
> # Set the domain= header that gets sent with the cookie. This is
> # entirely optional
> # Default: null
> # this is needed when we vhost to avoid multiple login
> session.topleveldomain=.foo.com
>
> I would like all requests to the set of virtual hosts represented by
> the glob *.foo.com to share the same session ID. I was hoping that
> org.apache.catalina.authenticator.SingleSignOn would handle this, but
> it did not (a new session identifier was assigned each time I visited
> a different vhost).
>
True -- the only thing SingleSignOnValve will do for you is make the user
sign in only once when you use container-managed security. You still end
up with one session per webapp.
> Anyone spare a clue?
>
Unfortunately, implementing this functionality would violate the Servlet
spec's requirements about sessions being scoped to a single
ServletContext. Even if you were willing to do this, you're going to run
into lots of technical problems due to the fact that each webapp is loaded
by it's own classloader -- trying to access a session attribute loaded
from a different webapp will throw ClassNotFoundException errors at you.
> Thanks,
>
> Daniel Rall
>
Craig McClanahan
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
