All I can find in the Tomcat 5.5 docs is:
Set to true if you want calls within this application to ServletContext.getContext() to successfully return a request dispatcher for other web applications running on this virtual host. Set to false (the default) in security conscious environments, to make getContext() always return null.
I've found some forum posts that comment that setting crossContext=true
also enables sharing the session object between different web applications, but I'm not able to find any official docs stating this.
Is there a relation between Servlet.getContext() and the ability to share session state between different web applications?
What does the crossContext
attribute really do in Tomcat?
Defining the context path from the server.The docBase attribute is a path to the WAR file or exploded deployment directory. It is relative to the webapps directory, although an absolute path can be used. The path attribute is the one we are most interested in, as it defines the context path of the application.
In Tomcat, the Context Container represents a single web application running within a given instance of Tomcat. A web site is made up of one or more Contexts. For each explicitly configured web application, there should be one context element either in server. xml or in a separate context XML fragment file.
The context path refers to the location relative to the server's address which represents the name of the web application. By default, Tomcat derives it from the name of the deployed war-file. So if we deploy a file ExampleApp. war, it will be available at http://localhost:8080/ExampleApp.
antiResourceLocking. If true, Tomcat will prevent any file locking. This will significantly impact startup time of applications, but allows full webapp hot deploy and undeploy on platforms or configurations where file locking can occur. If not specified, the default value is false .
You can share sessions between web applications by using a Single Sign-On Valve.
You would set crossContext=true
if you wanted to share some information between different Web Applications in the same Virtual Host.
For example app1 would call:
setAttribute("name", object);
and another app could call
getContext("/app1").getAttribute("name");
to read the information. If crossContext wasn't set to true, the getContext("/app1") would have returned null.
However, the use of crossContext is both rare and potentially insecure.
From the javadoc ServletContext.getContext()
:
This method allows servlets to gain access to the context for various parts of the server, and as needed obtain RequestDispatcher objects from the context. The given path must be begin with "/", is interpreted relative to the server's document root and is matched against the context roots of other web applications hosted on this container.
So for instance if you want to include a page from a different webapp you need to set crossContext to true.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With