Hi,
Regarding security, the JSDK spec is IMHO too simple and that has forced
many people to reinvent the wheel again and again, or get into
proprietary solutions. We chose to go our own way to be fully portable
and we end up with such a system:
.- As we already have implemented a Model 2 architec
I think the major part is a design issue. How do you recognize someone is logging-in
after he accidentally killed his browser? Maybe you could use IP addresses for that???
As far as I know most ISPs use simple timeout mechanisms on their POP3 servers
(you can reconnect after sometime when the conn
what we did was store session info in a DB table. (appropriately enough
named Session_T (our naming scheme add a T to tables, etc)
We store it with the create time and all that. As you say the hard part is
when they forget to log out. or winblows locks up on them. in that case what
we always do o
The new Oreilly book "JavaServer Pages" has a great way of doing
authentication with a tag and the existance of a "validUser" bean in the
session scope. It properly produces the original URL and is container
independant.
- Original Message -
From: "David Morton" <[EMAIL PROTECTED]>
To: "O
David,
I'm just getting to know servlets in depth, and have recently
read (and reread a few times) the servlet spec.
Two sections of the spec (2.3) are relevant (I think Orion is
at 2.3?):
> 3.1 Scope of a ServletContext
>
> There is one instance of the ServletContext interface associated
>