Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Dynamic session cookie name

Hello all,

I have an application that needs to explicitly spawn sessions for a user. The main reason is that it needs to either open multiple browser windows each accessing their own separate session or it redirects the user through different sessions. For several reasons this can not be retrofitted into a single session, one of which is that the sessions currently can reside on a different node in a sort-of-cluster (sticky).

Currently the applications uses URL-based session tracking. This works flawlessly but for security reasons I would like to change the session tracking mechanism. Since I can not spawn new sessions in a Jetty server while handling a request that already has a session associated with it (or can I?) I am thinking of the following scheme:

When I need a new session I create some kind of session-token and stuff that in the URL. Then that requests is handled by Jetty and I would like Jetty to attach a session to it tracking it with a session cookie. BUT: I want Jetty to use the session-token as the name of the session cookie. That means that I would need to hook the SessionManager to make the session cookie name dependent on the request.

Is this at all possible? Or are there better ways to do this?

Cheers and thanks in advance,

Silvio



Back to the top