----- Original Message -----
From: "WILLIAMer" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Monday, July 07, 2008 5:51 AM
Subject: tomcat with jcaptcha
Hi! all,
I have an application named "eCom" unnder the tomcat/webapps and using
jcatpcha with the login page.
I set the eCom becomes the root dir(path) with the server.xml.
So, http://myDomain/ will equal http://myDomain/eCom/.
And its seems ok and work with every page.
But there is an error when I try to login. The jcaptcha give me an
exception.
"com.octo.captcha.service.CaptchaServiceException: Invalid ID, could not
validat
e unexisting or already validated captcha"
So i try another login page with the http://myDomain/eCom/, but its work
fine.
In fact , the login page is the same.
I think "http://myDomain/Login.jsp"; and "http://myDomain/eCom/Login.jsp";
is
the same.
Because i set the dir "eCom" become my root dir.
I dont know how this error cause?
I try to google this exception , but no one likes me.
Ha ha... you nice guy.... difficult question ;)
Sessions dont share across webapps....
It sounds like you making duplicate webapps in different contexts... ie
eCom, ROOT
Session will *not* move across....
Its easier to REDIRECT from ROOT to ecom/login.
Not have two webapps
If you *have to* try share sessions, then read about...
<Connector port="8080" and the... emptySessionPath="true"
This will make "browser cookies" come back to all webapp.... not a good
thing... slow
Then read up on
<Context and the.... crossContext="true"
This allows one to pass data between webapps... so you can call across from
one webapp to another and get captcha ID...
This is all more complicated than being Robert Mugabe's psychiatrist ;)....
but google on this and you will learn...
If using Tomcat security... not possible to move authorization from one
webapp to another....
Also read up on singletons... ie sharing data in common/lib.... its another
way to share data across webapps.... and probably the best way if combined
with you make your own path-less "/" cookie and use that....
So you can have one webapp and one servlet generating captcha images and get
the ID... "check text" yourself.
The reason browser do not send back cookie information is that if they use a
cookie path..... like /webapp1 and it will not come back to /webapp2
But cookies *can* be made pathless...
I got my own captch software so dont know Jcaptcha... but you should ask
this question to the JCatcha guys... its a common problem and maybe they
have the answer... they have probably done it already... possibly through
dB/singleton/cross context/shared file ... you see its hard problem... many
solutions.
You english is hard to understand.... but I thing the question is... "I got
one webapp with a servlet generating captcha images... for all my other
webapps... how to I share the "check text".... to do this I need to track a
cookie across contexts... can JCaptcha do it?
.... but one thing you cant do, is just duplicate a webapp in /admin /root
/eCom.... and think that the security and session will work across them...
it wont.
Its not so much about the way Tomcat works... its about the way *browsers
work*
Good Luck...
ps: Think about this... this is the way we do captcha...
We generate many captcha images on disk *one time*.... the webapp picks one
randomly.... say image_1500.gif and sends it... and the dB knows that image
1500 is "Check Me".... thats small enuf to put in all webapps and a dB is
happy to work across webapps.... each webapp has its own session... and 5
lines of code ;)
The whole captcha problem starts when a "different" webapp is doing the
"random selection"... this is also very quick, captcha takes a long time to
generate.... and your linux server can be headless... because captcha
generation needs the Java UI to work.... ;)
---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
