Can two web applications (servlet contexts) share the same session object?

Created May 7, 2012

facebook
twitter
in
Email

Alessandro A. Garbagnati

By default, the session object is context-specific. Although a few servlet containers (Tomcat, Resin) may allow web applications to share session contexts by means of the "crosscontext" setting within the deployment descriptor, by default, that should not be allowed for security purposes and must be used cautiously only for admin-type applications.

[For example:

<Context path="/myapp" docBase="/home/web/myapp'" crossContext="true" debug="0" reloadable="false" trusted="false" />

-Alex]

Post a comment

Email Article

Print Article

Most Popular jGuru Stories

Editor's Picks

Most Popular

The Java Game Development Tutorial

Files and Directories in Java

Load Testing your Applications with Apache JMeter

Unit Testing Java Programs

Using SOAP with Java