Mon Cab wrote:
I like the idea of the session map though. Maybe use a singleton to
store the map and then access the sessions from there. Why do you say
this might not be a good idea?
For the same general reason getting access to a session that isn't
associated with the request is probably a bad idea: security concerns.
Depending on what you store in session, having a cross-context ability
in essence opens up the possibility of a clever hacker somehow stealing
information they should never have had access to.
I'm also not entirely sure any app server will let you do it... I
wouldn't be surprised, especially in something like Websphere which can
get king of anal about this sort of thing, won't let you keep a
reference to session outside the context of the request. I have no
evidence of this, it's just a hunch.
In the end though, like you said yourself, if it's only the data in
session your really interested in, there are ways to do that. One could
argue the same security concerns would be present there, but at some
point it has to enter the realm of a design decision... you know what
the consequences might be, and decide to accept them. Heck, maybe I'm
seeing creatures in the shadows that aren't really there anyway! (i.e.,
maybe there's not really any security issues). I've dealt with security
enough though to know that the first time you assume there's no concern,
you get burnt :)
Frank
--- "Frank W. Zammetti" <[EMAIL PROTECTED]> wrote:
Mon Cab wrote:
Im guessing that this might require my storing the sessionId's in
the
db when the users log on. Such a shame.
I think even doing that it wouldn't be possible to get the session
object itself... I seem to recall there being some security
restrictions
around that (which makes sense if you think about it)... IIRC, that's
also the reason that getSession() method was removed in the first
place.
If the information in session is all your actually interested in
though,
and not the session object itself, you could certainly get away with
throwing a filter in front of your app that grabs session from the
request and pulls the pertinent info from it and shoves it in a
database, keyed by session ID (or whatever else makes sense).
Obviously
a performance concern, not to mention the security implications, but
would certainly work.
I suppose you could try stuffing a reference to the session object
itself into some map, although I'm not at all sure that'd work... I'm
more sure though that it wouldn't be spec-compliant, and probably not
a
good idea for other reasons besides :) Still, might be doable, you'd
have to test the theory.
Frank
--- "Frank W. Zammetti" <[EMAIL PROTECTED]> wrote:
Hi,
I don't believe there is a container-neutral way to do this, I
think
any
solution would have to be dependent on what app server your
running
on
and something specific to it.
Frank
(P.S. - I could be wrong! LOL)
Mon Cab wrote:
I am trying to integrate a web application to an external
service,
and
need to be able to take an incoming sessionId from the external
service server, and to return details from the session to which
that
sessionId applies.
I understand that there was a getSession(String sessionid)
method,
in
HttpSessionContext which has since been deprecated.
Does anyone know how I would do this, with the Servlet 2.3 APIs?
____________________________________________________________________________________
The fish are biting.
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: [EMAIL PROTECTED]
Author of "Practical Ajax Projects With Java Technology"
(2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________________________________________________________
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
http://autos.yahoo.com/green_center/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: [EMAIL PROTECTED]
Author of "Practical Ajax Projects With Java Technology"
(2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: [EMAIL PROTECTED]
Author of "Practical Ajax Projects With Java Technology"
(2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
