[jboss-jira] [JBoss JIRA] Commented: (JBAS-2861) HttpSession sharing between WAR modules
James Brown (JIRA)
jira-events at jboss.com
Wed Jan 31 12:55:28 EST 2007
[ http://jira.jboss.com/jira/browse/JBAS-2861?page=comments#action_12351999 ]
James Brown commented on JBAS-2861:
-----------------------------------
Is the intent still to include in 4.2.0 or will this only be available in the 5 family?
> HttpSession sharing between WAR modules
> ---------------------------------------
>
> Key: JBAS-2861
> URL: http://jira.jboss.com/jira/browse/JBAS-2861
> Project: JBoss Application Server
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Web (Tomcat) service, Clustering
> Affects Versions: JBossAS-3.2.7 Final, JBossAS-3.2.6 Final
> Reporter: Brian Stansberry
> Assigned To: Brian Stansberry
> Fix For: JBossAS-4.2.0.CR1
>
>
> Creating a redacted version of JBAS-1909, which was opened as a non-public JIRA issue by a customer.
> Our J2EE application is composed of several modules, each one addressing one facet of our business process, and currently this application has one web module (WAR) and several JAR modules (EJB).
> We need to divide this web module into several smaller web modules.
> In order to separate our unique WAR file into several WARs we must guarantee HttpSession sharing. This is due to the fact that we have a lot of session attributes that are used throughout the entire application and we cannot afford to refactor the application, in fact, that's impossible.
> The security aspects for this requirement are completely addressed by the JBoss/Tomcat Single Sign-On mechanism but the session sharing requirements are not.
> The ideal scenario is to keep the same HttpSession (same object in the heap, same session ID) when authenticating into one application (HttpSession created) and then forwarding to another application.
> The current SSO mechanism allows the user to access the second application without reauthentication, as you know, but it creates a new HttpSession object. Also, if the two WARs have different session timeouts, if you access application A, migrates to application B, stays there until session in application A expires and then returns to application A from application B, a new HttpSession is also created in application A.
> The ideal solution is to have one unique, monolithic session to all web applications configured to share a common session. IBM WebSphere and BEA WebLogic do have this configuration and feature. Please check the links below in case you want more information:
> WebSphere Application Server V5: Sharing Session Context - http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0215.html?Open
> BEA Weblogic - Enabling Web applications to share the same session - http://e-docs.bea.com/wls/docs90/webapp/sessions.html
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list