Ben Cleora wrote:
> Hi,
>
> This is not directly related to Apache. But I figure
> Apache contributors must have answered this question
> befor building the server.
>
> According to JSP 1.0 Spec, appendix B5,
> "There are no two servlet instances that belong to the
>
> same session and yet they have two different
> ServletContexts."
>
> And according to appendix B3, a ServletContext
> defines a "web application."
>
> A user at a browser connecting to a server can only
> keep one HttpSession, and no more. My understanding is
> that a session is per user per client machine per
> server, period. Is that correct?
>
Your first statement (in the paragraph above) is not correct. A
particular user can hold a number of simultaneous active sessions to
different applications. If those apps run in different servlet contexts
on the same virtual host, it is up to the server configuration to make
sure there are no problems with this.
>
> If so, is appendix B5 saying that this user can only
> "have" one ServletContext, or can only run one
> "web application" according to appendix B3?
>
No, what this is saying is that a single session cannot cross a
ServletContext boundary -- either on the same virtual host or a
different virtual host.
>
> Then how does anyone run two web applications on the
> same server using two browser windows on the same
> client machine?
>
If you are using URL rewriting, there's never any problem ... each
window is totally independent.
If you are using cookies, it still works as long as the server is
configured correctly. This is because the cookie used for the session
ID is also tagged with the context path (a prefix of the request URI)
for the particular servlet context it belongs to, so the correct session
ID is sent for each application.
You are more likely to have problems with two windows on the same client
talking to the *same* application. Depending on how your client is set
up, the windows will share cookies, and therefore access the same
session.
>
> Thanks
>
Note that none of the discussion above applies to Apache JServ 1.0 at
all, because JServ predates the version 2.1 servlet API that JSP 1.0 is
based on. In particular, Apache JServ violates the rule about sessions
being limited to contexts -- they can currently cross zones and even
cross virtual hosts. This will be changed when Apache JServ is brought
into conformance with the 2.1 (and soon 2.2) version of the API spec.
>
> - Ben
>
Craig McClanahan
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
READ THE FAQ!!!! <http://java.apache.org/faq/>
Archives and Other: <http://java.apache.org/main/mail.html/>
Problems?: [EMAIL PROTECTED]
