like adding security to ensure the clients session id can't be stolen
by ether updating the sessionId thoughout the session. But that's
really beyond this thread of just understanding what can be expected
once a session is created.
On Oct 23, 1:21 am, Josh wrote:
> So I can count on getThreadLoca
So I can count on getThreadLocalRequest().getSession().getId() to
always return the same value for every RPC call the client makes for
the life of the session. The server will somehow figure out that the
client who just logged in and was given a session Id, Is the same
person who is now requesting
On 22 oct, 16:15, Falcon wrote:
> The web, in general, is stateless, and http is a stateless protocol.
> The upshot of this is that every time you send a request to a web
> server it has no idea who you are without some identifying piece of
> information.
>
> So, once a session has been set on a
The web, in general, is stateless, and http is a stateless protocol.
The upshot of this is that every time you send a request to a web
server it has no idea who you are without some identifying piece of
information.
So, once a session has been set on a server, that session has an ID.
The user has
I'm new to sessions and I could use a little help in understanding
this.
If you log in you send your username/hash password.
The server validates this data.
The server creates a new or accesses a current one already created for
you.
Fills the sever session with user data.
Returns a session Id and p