Mon Cab wrote:
> I like the idea of the session map though. Maybe use a singleton to
> store the map and then access the sessions from there. Why do you say
> this might not be a good idea?
For the same general reason getting access to a session that isn't
associated with the request is probably a bad idea: security concerns.
Depending on what you store in session, having a cross-context ability
in essence opens up the possibility of a clever hacker somehow stealing
information they should never have had access to.

I'm also not entirely sure any app server will let you do it... I
wouldn't be surprised, especially in something like WebSphere which can
get kind of anal about this sort of thing, won't let you keep a
reference to session outside the context of the request. I have no
evidence of this, it's just a hunch.

In the end though, like you said yourself, if it's only the data in
session you're really interested in, there are ways to do that. One could
argue the same security concerns would be present there, but at some
point it has to enter the realm of a design decision... you know what
the consequences might be, and decide to accept them. Heck, maybe I'm
seeing creatures in the shadows that aren't really there anyway! (i.e.,
maybe there's not really any security issues). I've dealt with security
enough though to know that the first time you assume there's no concern,
you get burnt :)

Frank
>
>
> --- "Frank W. Zammetti" <fzlists@(protected):
>
>> Mon Cab wrote:
>>> I'm guessing that this might require my storing the sessionId's in the
>>> db when the users log on. Such a shame.
>> I think even doing that it wouldn't be possible to get the session
>> object itself... I seem to recall there being some security restrictions
>> around that (which makes sense if you think about it)... IIRC, that's
>> also the reason that getSession() method was removed in the first place.
>>
>> If the information in session is all you're actually interested in though,
>> and not the session object itself, you could certainly get away with
>> throwing a filter in front of your app that grabs session from the
>> request and pulls the pertinent info from it and shoves it in a
>> database, keyed by session ID (or whatever else makes sense). Obviously
>> a performance concern, not to mention the security implications, but
>> would certainly work.
>>
>> I suppose you could try stuffing a reference to the session object
>> itself into some map, although I'm not at all sure that'd work... I'm
>> more sure though that it wouldn't be spec-compliant, and probably not a
>> good idea for other reasons besides :) Still, might be doable, you'd
>> have to test the theory.
>>
>> Frank
>>
>>> --- "Frank W. Zammetti" <fzlists@(protected):
>>>
>>>> Hi,
>>>>
>>>> I don't believe there is a container-neutral way to do this, I think any
>>>> solution would have to be dependent on what app server you're running on
>>>> and something specific to it.
>>>>
>>>> Frank
>>>>
>>>> (P.S. - I could be wrong! LOL)
>>>>
>>>> Mon Cab wrote:
>>>>> I am trying to integrate a web application to an external service, and
>>>>> need to be able to take an incoming sessionId from the external
>>>>> service server, and to return details from the session to which that
>>>>> sessionId applies.
>>>>>
>>>>> I understand that there was a getSession(String sessionid) method, in
>>>>> HttpSessionContext which has since been deprecated.
>>>>>
>>>>> Does anyone know how I would do this, with the Servlet 2.3 APIs?
>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscribe@(protected)
>>>>> For additional commands, e-mail: user-help@(protected)
>>>> --
>>>> Frank W. Zammetti
>>>> Founder and Chief Software Architect
>>>> Omnytex Technologies
>>>> http://www.omnytex.com
>>>> AIM/Yahoo: fzammetti
>>>> MSN: fzammetti@(protected)
>>>> Author of "Practical Ajax Projects With Java Technology"
>>>> (2006, Apress, ISBN 1-59059-695-1)
>>>> Java Web Parts - http://javawebparts.sourceforge.net
>>>> Supplying the wheel, so you don't have to reinvent it!
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM/Yahoo: fzammetti
MSN: fzammetti@(protected)
Author of "Practical Ajax Projects With Java Technology"
(2006, Apress, ISBN 1-59059-695-1)
Java Web Parts - http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
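
An added example, not code from this thread or its authors: one way to expose only the data, as discussed above, without ever handing out the HttpSession object. The class name `SessionDataRegistry` and the attribute names in `EXPORTABLE` are hypothetical; the listener would be registered with a `<listener>` element in web.xml, and the stored values are assumed to be immutable.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Hypothetical registry: mirrors allow-listed attributes per session ID, never the session itself. */
public class SessionDataRegistry implements HttpSessionListener, HttpSessionAttributeListener {

    // Assumption: only these attribute names may be shown to the external service.
    private static final Set<String> EXPORTABLE = Set.of("userId", "displayName");

    private static final Map<String, Map<String, Object>> DATA = new ConcurrentHashMap<>();

    public void sessionCreated(HttpSessionEvent e) {
        DATA.put(e.getSession().getId(), new ConcurrentHashMap<>());
    }

    // Drop the mirror as soon as the container invalidates or times out the session.
    public void sessionDestroyed(HttpSessionEvent e) {
        DATA.remove(e.getSession().getId());
    }

    public void attributeAdded(HttpSessionBindingEvent e) { mirror(e); }

    public void attributeReplaced(HttpSessionBindingEvent e) { mirror(e); }

    public void attributeRemoved(HttpSessionBindingEvent e) {
        Map<String, Object> m = DATA.get(e.getSession().getId());
        if (m != null) m.remove(e.getName());
    }

    private void mirror(HttpSessionBindingEvent e) {
        if (!EXPORTABLE.contains(e.getName())) return;   // everything else stays private
        // On replace, getValue() is the OLD value, so read the current one from the session.
        Object v = e.getSession().getAttribute(e.getName());
        if (v == null) return;
        DATA.computeIfAbsent(e.getSession().getId(), k -> new ConcurrentHashMap<>())
            .put(e.getName(), v);
    }

    /** Returns a read-only copy of the exported attributes; empty for unknown or expired IDs. */
    public static Map<String, Object> lookup(String sessionId) {
        Map<String, Object> m = (sessionId == null) ? null : DATA.get(sessionId);
        return (m == null) ? Collections.emptyMap()
                           : Collections.unmodifiableMap(new HashMap<>(m));
    }
}
```

Because a session ID works as a bearer credential, whatever endpoint calls `lookup` still needs its own authentication of the external service; the allow-list only limits what a caller can learn once it is through.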