]
Brian Stansberry updated JBAS-9545:
-----------------------------------
Assignee: (was: Brian Stansberry)
AS7: HttpSession sharing between WAR modules (Clone)
----------------------------------------------------
Key: JBAS-9545
URL:
https://issues.jboss.org/browse/JBAS-9545
Project: Application Server 3 4 5 and 6
Issue Type: Feature Request
Components: Clustering, Web (Tomcat) service
Affects Versions: Open To Community
Reporter: Avner Linder
Fix For: No Release
Creating a redacted version of JBAS-1909, which was opened as a non-public JIRA issue by
a customer.
Our J2EE application is composed of several modules, each one addressing one facet of our
business process, and currently this application has one web module (WAR) and several JAR
modules (EJB).
We need to divide this web module into several smaller web modules.
In order to separate our unique WAR file into several WARs we must guarantee HttpSession
sharing. This is due to the fact that we have a lot of session attributes that are used
throughout the entire application and we cannot afford to refactor the application, in
fact, that's impossible.
The security aspects for this requirement are completely addressed by the JBoss/Tomcat
Single Sign-On mechanism but the session sharing requirements are not.
The ideal scenario is to keep the same HttpSession (same object in the heap, same session
ID) when authenticating into one application (HttpSession created) and then forwarding to
another application.
The current SSO mechanism allows the user to access the second application without
reauthentication, as you know, but it creates a new HttpSession object. Also, if the two
WARs have different session timeouts, if you access application A, migrates to application
B, stays there until session in application A expires and then returns to application A
from application B, a new HttpSession is also created in application A.
The ideal solution is to have one unique, monolithic session to all web applications
configured to share a common session. IBM WebSphere and BEA WebLogic do have this
configuration and feature. Please check the links below in case you want more
information:
WebSphere Application Server V5: Sharing Session Context -
http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0215.ht...
BEA Weblogic - Enabling Web applications to share the same session -
http://e-docs.bea.com/wls/docs90/webapp/sessions.html