tags:

views:

4027

answers:

3
+1  Q: 

What does the crossContext attribute do in Tomcat? Does it enable session sharing?

All I can find in the Tomcat 5.5 docs is:

Set to true if you want calls within this application to ServletContext.getContext() to successfully return a request dispatcher for other web applications running on this virtual host. Set to false (the default) in security conscious environments, to make getContext() always return null.

I've found some forum posts that comment that setting crossContext=true also enables sharing the session object between different web applications, but I'm not able to find any official docs stating this.

Is there a relation between Servlet.getContext() and the ability to share session state between different web applications?

What does the crossContext attribute really do in Tomcat?

+2  A: 

From the javadoc ServletContext.getContext():

This method allows servlets to gain access to the context for various parts of the server, and as needed obtain RequestDispatcher objects from the context. The given path must be begin with "/", is interpreted relative to the server's document root and is matched against the context roots of other web applications hosted on this container.

So for instance if you want to include a page from a different webapp you need to set crossContext to true.

Kees de Kooter  2009-03-19 12:29:56
Is there a relation between Servlet.getContext() and the ability to share session state between different web applications?
Serhii  2009-03-19 14:42:30
Not that I am aware of.
Kees de Kooter  2009-03-19 19:04:55
+1  A: 

You can share sessions between web applications by using a Single Sing-On Valve.

You would set crossContext=true if you wanted to share some information between different Web Applications in the same Virtual Host.

For example app1 would call:

setAttribute("name", object);

and another app could call

getContext("app1").getAttribute("name");

to read the information. If crossContext wasn't set to true, the getContext("app1") would have returned null.

However the use of crossContext is both rare and potentially insecure.

kgiannakakis  2009-03-20 07:23:52
Thanks, but i'm not looking for a single sign on, I need to share the HttpSession attributes. Take a look at my new question http://stackoverflow.com/questions/665941/any-way-to-share-session-state-between-different-applications-in-tomcat
Serhii  2009-03-20 12:39:12
A: 

I tried it myself and I can't find the magical session sharing side effect, so the crossContext attribute only does what the docs say.

I've posted another question to see if there is a way to share the session state.

Serhii  2009-03-20 12:37:18

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?