Tom this is 100% correct "there is no way to even instantiate a session
object from a self-supplied session-id let alone replace the current
session object in the HttpRequest." but I am still a little curious as
to why Tomcats generated session id is not adequate, is it purely
because you can't get at it early enough?
I apologise Christopher for second guessing, but I just don't see what
rewriting Tomcats session management brings... you did say nevertheless
that you don't recommend it, for good reason, this is tried and tested
code that is central to the servers operation, I feel this task is
'unthinkable' and will only introduce a host of problems and complexity.
After reading a little, Tomcat 5x onwards comes with session replication
capabilities, which means there is some code which you can reference and
write a valve that intercepts the request as soon as a new session is
created and before its sent back to the user in the response, an example
of this being the ReplicationValve which ships with Tomcat. ||You can
then persist it in a database or do whatever you want with it.
Maybe these can help a little:
http://www.onjava.com/pub/a/onjava/2004/11/24/replication1.html?page=last
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
Peter
Tom van Wietmarschen wrote:
L.S.,
I was wondering if it is possible to write a custom method of
propagating the session ID between HTTP requests. Specifically: we want
to store the session id in a X-ourcompanyname-sessionid header (we use a
custom http client so we can modify that to send the sessionid back in a
header).
The reason for this is that we have to deal with clients that are using
mobile data connections, and mobile phone operators sometimes feel the
need to mess with a clients cookies and sessions as well as doing other
kinds of nasty things in their proxies. Non-standard headers are usually
left alone.
I've been looking at a way to do this but I can't find a solution,
filters seem to be too late in the chain: a request object is already
created and there is no way to even instantiate a session object from a
self-supplied session-id let alone replace the current session object in
the HttpRequest.
Does anyone known if there is a way to write my own handlers for
retrieving and setting the current sessionid and have tomcat use that
instead of looking at the requesturl or cookies ?
Sincerely,
Tom van Wietmarschen
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
