How do I manage sessions in a hybrid Ruby/GWT system?
I currently have a Ruby on Rails system, and there are plans to port it to GWT. Before we do this, the powers that be want to have a proof of concept with part of the site being written in GWT to show that GWT can use and display the current content. The flow of data in the GWT portion of the system is as follows:
- Client sends an RPC call to the GWT server
- Server receives RPC call, then makes an equivalent Ajax request to the Rails system
- Server generates a Java object from the result of the Ajax request, passes it back to client
The issue I'm running into now is managing user session data across both systems. We only have 1 Tomcat instance, and that has its own type of sessions, and then our Ruby system uses ActiveRecordStore to store session data in the database.
The problem here is that when the Tomcat system talks with the Ruby system, if the GWT client has made a login request, the last user to log in from the GWT system has all outgoing Ajax requests being pe开发者_如何学JAVArformed in the Rails system as if they're the current user since the Tomcat system looks like a single client to Rails.
Anyways, how can I make it such that if a user begins a session with the Tomcat system, the Ruby system will be aware of this and have an equivalent session so that even though the Tomcat server is a single client to it, the Rails system is aware of the fact that many different users are communicating with it from that single client.
I think the best way to solve this would be to use cookies instead of a database to store the session. Rails supports this natively, actually it's the default cookie store for some time now. The cookie itself is signed by a server secret to prevent user tampering. I think the Rails implementation uses Ruby marshaling to dump/load the data so you might have to implement it in Java, or you can implement your own cookie manager on both sides using the same idea.
It is also possible to just use the Ruby code from JRuby in your Java application.
I don't know about RoR, but in most web technologies sessions are maintained using cookies. If you preserve the cookies (for a given user) across multiple calls from your Java server to your RoR instance, you should be all good.
精彩评论