On Mon, 14 May 2001, Mihai Popoaei wrote:
>
> Hello,
>
> How can I have the same session for many web sites?
>
> By default, for the first request tomcat creates a implicit session and
> sends a cookie with domain=servername. What I wanna do is setting this
> cookie for domain=partian domain name (like .kiki.ro) (that means this
> cookie will come back for all the hosts ending with .kiki.ro and I'll have
> the same session for all the sites :)). I think I have to say that I use
> the same application context for all this sites...
>
> Another problem is using the same session between applications... I know
> it is not conform the sun specifications (... HttpSession objects must be
> scoped at the application / servlet context level. The underlying
> mechanism, such as the cookie used to establish the session, can be shared
> between contexts, but the object exposed, and more importantly the
> attributes in that object, must not be shared between contexts. ...),
> but there must be a way to do that...
>
You are perfectly free to "roll your own" session implementation that
meets your needs (cross-host and cross-webapp). However, the standard
APis don't support these uses, so this will definitely be an application
specific (and probably Tomcat-specific) approach.
When you try this, you'll discover that having a cookie recognized
correctly is the least of your problems. You'll also need to ensure that
all of the classes are loaded from a shared class loader -- classes that
are loaded from one web-app's /WEB-INF/classes or /WEB-INF/lib directory
are not visible to any other web-app.
>
> thx,
> --
> :], Mihai P.
>
Craig