head	1.10;
access;
symbols;
locks
	nobody:1.10; strict;
comment	@# @;


1.10
date	99.04.21.18.35.50;	author nobody;	state Exp;
branches;
next	1.9;

1.9
date	99.04.21.18.35.43;	author nobody;	state Exp;
branches;
next	1.8;

1.8
date	99.04.21.18.35.31;	author nobody;	state Exp;
branches;
next	1.7;

1.7
date	99.04.01.18.58.32;	author nobody;	state Exp;
branches;
next	1.6;

1.6
date	99.04.01.18.00.54;	author nobody;	state Exp;
branches;
next	1.5;

1.5
date	99.03.23.20.09.22;	author nobody;	state Exp;
branches;
next	1.4;

1.4
date	99.03.10.02.46.16;	author httpd;	state Exp;
branches;
next	1.3;

1.3
date	99.03.08.19.34.15;	author httpd;	state Exp;
branches;
next	1.2;

1.2
date	99.03.08.19.33.48;	author httpd;	state Exp;
branches;
next	1.1;

1.1
date	99.03.08.19.33.33;	author httpd;	state Exp;
branches;
next	;


desc
@null
@


1.10
log
@null
@
text
@IDependOn-Set: 1
IDependOn-Set: 2
IDependOn-Set: 32
IDependOn-Set: 35
IDependOn-Set: 39
IDependOn-Set: 7
LastModifiedSecs: 924719750
Parent: 7
SequenceNumber: 8
Title: Session Management and Multiple Domains
Part: 0
Author-Set: jon@@working-dogs.com
HideAttributions: 1
LastModifiedSecs: 920921640
Type: monospaced
Lines: 45
----------
From: "Craig R. McClanahan" <cmcclanahan@@mytownnet.com>
To: Java Apache Users <java-apache-users@@list.working-dogs.com>
Subject: Re: Session management for multiple subdomains
Date: Fri, Mar 5, 1999, 8:28 AM

Joel Shellman wrote:

> We run various services under the knocean.com domain name
> (synapse.knocean.com, scrapbook.knocean.com, member.knocean.com, etc.).
> Is there an easy way to create a session under one subdomain that will
> carry over to all subdomains?
>
> In other words, I go to member.knocean.com and the servlet creates a
> session. Then I want to go to synapse.knocean.com, I already
> authenticated so I don't want to have to do it again. Is there a simple
> way to do it?
>
> I could just throw a cookie in there, but then I lose the ease of
> session management and open up possible security risks.

In Apache JServ, sessions are local to a particular zone, which is in turn
local to a particular virtual host.

In the 2.1 servlet API spec, sessions are local to a servlet context, and
a servlet context is specifically limited to a single virtual host.  Thus,
what you want to do (sharing a session across virtual hosts) won't be
allowed.

The reasons for this are primarily the ones you don't like about the
"throw a cookie in there" approach -- security.  The application designer
who packages their app into a particular servlet context is not going to
like the possibility that outside servlets have access to the user objects
stored in the session, because it allows all sorts of malicious behavior.


>
> Thank you,
>
> Joel Shellman
> knOcean Interactive Corporation
> http://corp.knOcean.com/
>

Craig McClanahan
EndPart: 0
@


1.9
log
@null
@
text
@d7 1
a7 1
LastModifiedSecs: 924719743
d9 1
a9 1
SequenceNumber: 7
a12 1
DateOfPart: 1999-Apr-21 11:35am
a62 10
Part: 1
Author-Set: anonymous
HideAttributions: 1
Type: directory
Lines: 4
Subcategories:


Answers in this category:
EndPart: 1
@


1.8
log
@null
@
text
@d7 1
a7 1
LastModifiedSecs: 924719731
d9 1
a9 1
SequenceNumber: 6
d13 2
@


1.7
log
@null
@
text
@d7 1
a7 1
LastModifiedSecs: 922993112
d9 1
a9 1
SequenceNumber: 5
d65 1
a65 2
LastModifiedSecs: 922989600
Type: 
a71 10
Part: 2
Author-Set: anonymous
HideAttributions: 1
Type: directory
Lines: 4
Subcategories:


Answers in this category:
EndPart: 2
@


1.6
log
@null
@
text
@d7 1
a7 1
LastModifiedSecs: 922989654
d9 1
a9 1
SequenceNumber: 4
a63 1
DateOfPart: 1999-Apr-01 10:00am
d65 2
d73 10
@


1.5
log
@null
@
text
@d7 1
a7 1
LastModifiedSecs: 922219761
d9 1
a9 1
SequenceNumber: 3
d64 1
a65 1
Type: directory
@


1.4
log
@null
@
text
@d5 1
a5 1
IDependOn-Set: 36
d7 1
a7 1
LastModifiedSecs: 920921655
d9 1
a9 1
SequenceNumber: 2
d62 10
@


1.3
log
@null
@
text
@d5 1
d13 1
a13 1
DateOfPart: 1999-Mar-08 11:34am
@


1.2
log
@null
@
text
@d6 1
a6 1
LastModifiedSecs: 920921628
d8 1
a8 1
SequenceNumber: 1
d10 51
@


1.1
log
@null
@
text
@d3 1
d6 1
a6 1
LastModifiedSecs: 920921613
d8 2
a9 2
SequenceNumber: 0
Title: New Item
@
