> In fact, it still seems like that would be likely, since the servlet
> api is overly brittle if we can affect others like that.  For one
> thing, what does it mean that my JRun engine puts a timeout on a
> session if that session is really shared?

This is a problem with more than just the Servlet API.  ASP, ColdFusion,
etc. suffer from the same problems.  Sessions that these products provide
are really helpful for simple projects and can lead you down a REALLY evil
path when your project gets more complicated.

> Aren't sessions just fancy items based on a JRun specified cookie (or
> via url rewriting if cookies are not there)  that I'd presume is tied
> to my web site and not yours?

Well, strictly speaking a session is something that is used to tie together
otherwise disparate user activity.  If that activity spans several server
applications, as it often does, then having one server application presume
to know about all other potentially involved server applications can get you
in a world of trouble.

Just my two cents because I was burned by this a long time ago.

Cheers,
Laird
