在Web应用程序中共享会话 [英] sharing session in web applications

问题描述

我正在使用 JSP & Servlets （容器： Tomcat7 ，数据库： Oracle10 ）

我开发了一些Web应用程序，例如 Profile ， Reports ， Leads 。然后我开发了一个登录应用程序。在这个应用程序中，我使用一些更多的会话属性在 Session 中存储了 USERID 。

用户登录后，他将显示菜单，其中包含指向其他应用程序的链接，如链接到 Profile 应用程序。

当用户登录后访问 Session 时：

• 如果我尝试访问会话使用相同的应用程序（Login），然后使用所有必需的属性获取会话。
  
• 但是，当我尝试从其他应用程序（如
  Profiles 然后我得到会话为 null





代码片段来检查会话（登录Web应用程序中的Servlet过滤器）



  HttpSession session = request.getSession（false ）; 
 if（session == null）
 {
 System.out.println（Session does not exist ...重定向到LOGIN页面。）; 
 response.sendRedirect（/ ApplicationName / Login.jsp）; 
} 
  

我在 Profile


然后我搜索了一下，我发现 Session 应用程序检查用户是否登录了。 （我也发现可以通过设置 crossContext =true）

来完成$ c>



然后我发现了其他选项，比如使所有应用程序的 EAR 然后部署它，但不幸的是 EAR 它不被 Tomcat7 。





支持。我是web环境的新手，如果有人曾经在此之前，请让我知道可以选择什么？





预先感谢



Update1





现在我决定使用 EAR 所有 WAR 文件，然后我将尝试在它们之间共享会话。因为Tomcat不支持 EAR 我已经安装了 Oracle Glassfish ，然后我创建了 Enterprise包含两个应用程序 1的应用程序项目。登录和 2。配置文件，然后创建 EAR 文件，并将其部署到 Glassfish 中。
所以我想分享这两个应用程序之间的会话（在Glassfish上），所以如果任何人有任何想法，那么请让我知道。 （链接到任何教程也将赞赏）

解决方案

我在商店中看到的这种做法是填写登录信息凭证添加到加密的cookie中，然后在需要用户数据的应用程序前安装代理（Java过滤器，Web服务器模块等），以解密Cookie并将数据传递到下游应用程序。如果您想跨应用程序共享登录信息，请勿将登录信息存储在HTTP会话中。




I am developing A Web Application using JSP & Servlets (Container: Tomcat7, Database: Oracle10)

I have developed some web applications like Profile, Reports, Leads. Then I have developed A Login application. In this application I am storing USERID in Session with some more session attributes.

After user logs in he will be shown menu which contains links to other Applications like links to Profile Application.

So when I access Session after user log in:

• If I try to access session withing the same application(Login) then I get session with all the required attributes
• But when I try to access session from other applications like Profiles then I get session as null

code snippet to check session (Servlet Filter in Login web application)

HttpSession session = request.getSession(false);
if(session==null)
{
    System.out.println("Session does not exist... Redirected to LOGIN Page.");
    response.sendRedirect("/ApplicationName/Login.jsp");
}

I am accessing session in Profile application to check whether user is logged in or not.

Then I have searched, and I have found that Session can't be accessed from other applications for security reasons.(I have also found that it can be done by setting crossContext="true")

Then I have found other option like making EAR of all applications and then deploy it, but unfortunately EAR it is not supported by Tomcat7.

I am new to web environment, so if anyone has worked on this before then please let me know what can be the options?

Thanks in advance

Update1

Now I have decided to use EAR, in which I will pack all WAR files and then I will try to share session between them. since Tomcat doesn't support EAR I have installed Oracle Glassfish, Then I have created Enterprise Application Project which contains two Applications 1. Login and 2. Profiles, and then created EAR file, and deployed it on Glassfish. So I want to share session between those two applications(on Glassfish), so if anybody has any idea about it then please let me know. (link to any tutorial will also be appreciated)

解决方案

The way I have seen this done in my shop is to stuff the login credentials into an encrypted cookie and install agents (java filters, web servers mods etc, in front of the applications that need the user data) that will decrypt the cookies and pass along the data to the downstream applications. Do not store login information in HTTP session if you want to share it across applications.

这篇关于在Web应用程序中共享会话的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！