Servlet Spec 2.3 section SRV.7.3 says that the attributes in a session
"must never" be shared between contexts. They give the specific
example of one Servlet using requestDispatcher to call another Servlet
in another web application and say that the sessions (i.e. session
objects) created by the two Servlets must not be visible to one
As to a 'better way' it depends on the scope of that sharing. If the
two webapplications have different sessions, then what defines what is
shared, by whom and for how long?
Let me give you an example, which is extreme and almost certainly not
what you intend. Set up a Class which is loaded as part of the core
server and give it a static member attribute. Now all Servlets / JSPs
can share the value of that attribute. Not what you want? So you've
got to work out just what the scope of the sharing is that you need.
i.e. I think you have a requirements / design issue, not an
implementation one. By putting the JSPs in different web applications
(and given Sun's webapp isolation principal) you are effectively
saying that they can never, by definition, share a session. So what is
that you want them to share?
If logically they have something to share, then why are they in
If you really do have to have them in separate webapps, yet want the
session to have common attributes - build on my extreme example above.
Make that common, shared static member a Map whose keys are session
IDs and values are inner attribute Maps. It is these inner Maps which
hold the session-specific attributes. But now you will have to cope
with purging inner Maps when sessions expire. Also be aware that you
are breaking security barriers which Sun have carefully build around
webapps for data privacy and isolation - I trust your different
webapps all belong to a single 'design authority' which can take
responsibility for this security.
"Tony Thompson" asks:
> I have two JSPs that run in two different web applications (separate
> applicaton contexts) that I am trying to share information between
> a session attribute. A.jsp sets the attribute and B.jsp attempts to
> read the attribute. I have confirmed that the session IDs are
> in each JSP but, B.jsp does not see the attribute that was set by
> Does anyone have any idea why this would be?
> If session attributes are not shared between web application
> (are they supposed to be shared?), is there a better way to share
> information between the two JSPs?