I have simple jsp-site on tomcat. To work with session I use simple jsp session
object.
But I need some sessions isolation in my web directories e.q.
mysite.com/dir1
mysite.com/dir2
I want to use independent sessions for each dir1
and dir2
It's possible with minimal jsp-code correction and without using of virtual hosts?
Best Answer
Tomcat offerts some control over the session cookie's path with the sessionCookiePath context parameter, but not enough for your needs. I beleive you can play fast and loose with both the server (servlet container) and the browser with very little code.
In short, write a servlet filter that let the request in, unchanged. When the response comes out, add your servlet path to the JSESSIONID cookie path and let the browser send a different JSESSIONID (thus using a different session) for each servlet.
Here is how it works :
JSESSIONID
to it and add a cookie to let the client do its part of the tracking.With the cookie personalized for servlet
/dir1
, when the browser will send a request to/dir2
, it will also be "naked", no cookies whatsoever. A new session will be created, the filter will add the path to it and so on...From the server's point of view, there are two clients (with the same IP). One is always using
/dir1
servlet and the other is only using/dir2
servlet. Nothing wrong with that.Here is one filter implementation that can give a head start. You might also consider doing it in Apache with mod_headers.