Can two web applications (servlet contexts) share the same session object?

Created May 7, 2012

Alessandro A. Garbagnati

By default, the session object is context-specific. Although a few servlet containers (Tomcat, Resin) may allow web applications to share session contexts by means of the "crosscontext" setting within the deployment descriptor, by default, that should not be allowed for security purposes and must be used cautiously only for admin-type applications.

[For example:

<Context path="/myapp" docBase="/home/web/myapp'" crossContext="true" debug="0" reloadable="false" trusted="false" />

-Alex]

Post a comment

Email Article

Print Article

0 Comments (click to add your comment)

Comment and Contribute

Your name/nickname

Your email

WebSite

Subject

(Maximum characters: 1200). You have 1200 characters left.

Most Popular jGuru Stories

Editor's Picks

Most Popular

The Java Game Development Tutorial

Files and Directories in Java

Load Testing your Applications with Apache JMeter

Unit Testing Java Programs

Using SOAP with Java