Menu
▾
▴
Re: [jetty-discuss] Differences in Tomcat and Jetty in session id tracking
|
From: Y <yb...@ya...> - 2006-08-30 05:14:27
|
Hi,
Let me try and explain again. In my application, when user make a HTTP
request from their web browser, I have a filter to obtain http session id
and process information based on this session id.
HttpServletRequest httpreq;
try {
httpreq = (HttpServletRequest)request;
} catch (ClassCastException e) {
if (logger.isEnabledFor(Level.WARN)) {
logger.warn("Unable to cast to HTTP request");
}
return;
}
HttpSession session = httpreq.getSession();
logger.info("Session id: " + getId());
user = (MyUser)session.getAttribute("user");
if (user == null) {
// create a user and whack it in the session
user = new MyUser(request.getRemoteAddr(), httpreq);
session.setAttribute("user", user);
}
...
When this was deploy in Apache-(ajp13)->Tomcat environment, a user can make
a HTTP/HTTPS request from their IE or Mozilla Firefox browser (on same PC or
laptop), I get the same session id.
However, when I deploy this in Apache-(apj13)->Jetty environment, a user
make a HTTP/HTTPS request from their IE browser I get a session id, and if
the user make another HTTP request from their Mozilla Firefox browser (on
same PC or laptop) I get a different (another) session id.
How can I configure Jetty to behave the same as in Tomcat in dealing with
session id?
In the Servlet 2.3 Spec, it stated that " ...
Secure Sockets Layer, the encryption technology used in the HTTPS protocol,
has a
mechanism built into it allowing multiple requests from a client to be
unambiguously identified as being part of a session. A servlet container can
easily
use this data to define a session."
Can I use this to address my problem? If so, how?
Any help or comments is much appreciated as I am relatively new to web
application development.
Y
--
View this message in context: http://www.nabble.com/Differences-in-Tomcat-and-Jetty-in-session-id-tracking-tf2020698.html#a6052557
Sent from the Jetty Discuss forum at Nabble.com.
|
