Relation b/w httpsession and ejb container session

Discussions

Web tier: servlets, JSP, Web frameworks: Relation b/w httpsession and ejb container session

  1. Hello

    I am wondering how is the HttpSession, related to
    the EJB session...how is the information such as user etc
    passed to the EJB sessioncontext.
    Also why servletsessioncontext is been removed from the
    servletspec?

    thanks
    -ram
  2. I am wondering how is the HttpSession, related to the EJB session ... how is the information such as user etc. passed to the EJB sessioncontext.
    There is no relationship. No data is passed between the two. The only exception to this rule is that if you are using J2EE-standard security, the user credentials may be passed from the web container to the EJB container. They would be available in the EJB container via the SessionContext.getCallerPrincipal() method.
    Also why servletsessioncontext is been removed from the servlet spec?
    There are potential security risks in being able to retrieve an arbitrary session by id. That is why this interface is deprecated.