Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Dynamic session cookie name

Hello Christoph,

Since the sessions contain non-serializable state they are not suited for this type of clustering. Clustering is done at a different level in this system, not at the user session level.

The session concept fits fine. The only problem I have is that I need to have more than one at the same time in the same browser. Which is very easy when tracking sessions in the URL and very difficult tracking them with session cookies.

Cheers,

Silvio


On 12/09/2016 11:06 AM, Christoph Läubrich wrote:
BTW: Jetty supports Clustered Sessions with the JDBCSessionManager

But if the Session concept itself does not fit your needs, why don't you use a custom storage for this instead? You can even then store this in the (single) User-Session ;-)

Am 08.12.2016 13:42, schrieb Silvio Bierman:
Hello all,

I have an application that needs to explicitly spawn sessions for a user. The main reason is that it needs to either open multiple browser windows each accessing their own separate session or it redirects the user through different sessions. For several reasons this can not be retrofitted into a single session, one of which is that the sessions currently can reside on a different node in a sort-of-cluster (sticky).

Currently the applications uses URL-based session tracking. This works flawlessly but for security reasons I would like to change the session tracking mechanism. Since I can not spawn new sessions in a Jetty server while handling a request that already has a session associated with it (or can I?) I am thinking of the following scheme:

When I need a new session I create some kind of session-token and stuff that in the URL. Then that requests is handled by Jetty and I would like Jetty to attach a session to it tracking it with a session cookie. BUT: I want Jetty to use the session-token as the name of the session cookie. That means that I would need to hook the SessionManager to make the session cookie name dependent on the request.

Is this at all possible? Or are there better ways to do this?

Cheers and thanks in advance,

Silvio

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



Back to the top