> If its in its own web app, then their sessions shouldn't collide? A quick test shows this is indeed correct. Since I was embarrassingly ignorant, I took the time to dig it up in the servlet specification (2.5), which confirms this is a general facility of servlet containers to isolate sessions in different contexts:
SRV.7.3 Session Scope HttpSession objects must be scoped at the application (or servlet context) level. M -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
