"Varley, Roger" <[EMAIL PROTECTED]> writes: > I'm familiar with the way sessions work when I have a browser talking to a > servlet, but how does this work when my web application is not talking > directly to the client browser. We have been asked to participate in a > portal site that will allow clients to place orders with us via the portal > site. In this case the client browser is connected to the portal site. The > portal site recieves the requests via their own servlets which make an Http > call to servlets on our system, recieve the response and forward them to the > client browser. If I create a session object on our system, does this still > represent the session between the original client browser and our system or, > as I suspect, does this represent the session between ourselves and the > portal site? > > If as I suspect its the latter, then presumably I only see one session which > is shared by all clients. What would I then need to do to be able to track, > for example, which clients had been authenticated on our system and any that > had not?
The session tracking system is a simple means of associating a cookie (which the client holds on to and sends to your server with every request) with a hashtable in the servlet container. The session can only be associated with what the client sends you. So in short, you're right: the session in this case is between you and the portal site (which is the HTTP client in this case). There is a way round this. The portal site would need to pass you the ORIGINATING session id, then you could maintain a session (or a session like object) quite easily. Doing this well depends on how the portal works. You could get the portal to put the jsessionid (generated from your servlet container) back onto the portal's client's response and to pass the cookie back to you when a request comes in. If you can't do that you could just get the portal to pass you it's own session id and you could use that to make your own simple session implementation by making a hashtable of hashtables. First hash is keyed by sessionid and the contained hash if keyed by object identifier. All of that presumes you can alter the code of the portal. If you can't you're a bit screwed I'm affraid. Nic ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
