Accessing Session Object from one application to another..


Web tier: servlets, JSP, Web frameworks: Accessing Session Object from one application to another..

  1. I have a WEB APP( a .war) that calls a servlet( an independent servlet ) to handle the sessions and the servlet furthur calls another .war; The problem is that the session object that the servlet creates is not accessible to the 2nd war. Is there any way i can get the same session object in the 2nd web app.
    Thanks in advance
  2. Hi Sahil,

    As far as I know each war runs on separate web container and hence separate servlet context. So no direct way to communicate. you can think of serializing the object to a file or to a RDBMS table and retrieve it in the second war.

  3. If you are successfull please inform me at
  4. I also had this problem but after some careful thinking, I devised a solution to meet my needs.

    My problem was that I wanted to have a single sign on application to create a session object if the user logs in successfully. I needed that session object to be 'shared' across multiple contexts so that the user didn't have to log in for each context. I also did not want to use Tomcat's security schema of realms and such because it didn't really fit in with the infrastructure of where I work. Anyway, here's my solution:

    1. In your servlet that makes the session object, store the session object in the ServletContext object with a unique key that can be referenced per user instance. For example, I used the user's IP address as my key so I basically did

    HttpSession session = req.getSession(true);
    ServletContext sc = getServletConfig().getServletContext();
    sc.setAttribute(request.getRemoteAddr(), session);

    So if I wanted to get the session from another servlet, I had to

    ServletContext sc = getServletConfig().getServletContext().getContext("$contextpath");
    HttpSession session = (HttpSession)sc.getAttribute(req.getRemoteAddr());

    Try it out. =P There are many issues about this method of doing it. For example, if many users connected through a proxy server, then the servlet would only have once instance of the session for all those users. =( Because my login application was for the intranet, these issues are moot, but if I wanted to develop this for a more public audience, I'd have to devise another scheme to uniquely identify keys I store in the ServletContext object. Let me know how this works out for you =)

  5. My suggestion is have a bean common to both the applications and store the session object in your bean while the user logs in and retrieve it whenever and wherever you want.

    Yes we are working it out thorugh that way and it is fine.

    Prasath Balakrishnan
  6. Can you give me an example of the way you created the bean. Is it a class that you are using and how are you accessing the bean across the war files? Thanks.