Hi,
The reason your approach feels ugly and fragile to you is because it IS
;) Session-tracking is mandated by a couple of specs (J2EE, Servlet),
and tomcat implements it per the spec. If you do something different,
you will very likely have misbehaving 3rd party libraries that rely on
proper session tracking behavior.
Since you're rewriting your CGI scripts as servlets, why not modify them
to not expect the session-num parameter, and instead get the session ID
via normal java code (request.getSession().getId())? It's simpler,
standard, less code for you to write and test...
Please continue this discussion on the tomcat-user list, not tomcat-dev.
Yoav Shapira
Millennium Research Informatics
-Original Message-
From: Sandy McArthur [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 06, 2004 5:05 PM
To: [EMAIL PROTECTED]
Subject: Custom session tracking method?
Hi all,
Is there a way to implement custom session tracking at the container
level?
I'm trying to figure out how to implement a custom session tracking
method. I have a legacy client that interacts with a set of cgi scripts
and I'd like to port those scripts to servlets. I'm running into a
problem because the client passes session ids as a query parameter
named 'session-num' (e.g.: /update?session-num=TOKEN). The client does
not support cookies and there is no way to tell it use a JSESSIONID
encoded in the path.
I've followed the code as best as I can starting at
org.apache.coyote.tomcat5.CoyoteAdapter parses the JSESSIONID from the
request/cookies to where the org.apache.catalina.Manager fetches the
org.apache.catalina.Session and I don't see anyway to directly override
the session tracking behavior.
The best idea I currently have is to use a Valve and a custom Manager
and hope none of the Manager.{create,find}Session() methods are called
before my Valve can parse the request and stuff the session-num in a
ThreadLocal that Manager can use when returning a Session.
That feels ugly and fragile to me. Does anyone have a better solution?
Sandy McArthur
This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged. This
e-mail is intended only for the individual(s) to whom it is addressed, and may not be
saved, copied, printed, disclosed or used by anyone else. If you are not the(an)
intended recipient, please immediately delete this e-mail from your computer system
and notify the sender. Thank you.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
