On Tue, 2007-03-13 at 19:34 +0100, Gregor Schneider wrote: > I guess you're talking about JSSOSessionID-Cookie, right?
Indeed. > I believe the whole design is not too smart: > > Since all webapps are sharing the same session, I'd store the needed > values as session-attributes (too lazy to look it up right now, but > should work like > > HttpSession session = .....; > session.setAttribute(String nameOfYourObject, Object yourObject); > Object yourObject = session.getAttribute(String nameOfYourObject); Surely, this cannot be correct? It would take me some effort to try sharing attributes between webapps, so I can't try it immediately, but different webapps even set different session cookies (JSESSIONID, that is) to the client, so it is very hard for me to believe that all webapps are sharing the same session. In any event, though, it isn't so much about sharing data. We have one webapp that produces a common header for all pages, and the others fetch that header through an HTTP GET call. > However, this works only when running all your webapps within the same > Tomcat-instance. > If this is not the case, take a look at webservices. Thanks for the tip, but I think any SSO hack would be far easier to implement and maintain than starting to use web services. Fredrik Tolf --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
