Re: Changing SessionId at every request

2003-12-03 Thread Kirk Wylie
re must be a solution for this trouble right Thanks Gary - Original Message - From: "Andrew Hill" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 3:14 PM Subject: RE: Changing SessionId at every requ

[OT] Re: Changing SessionId at every request

2003-12-03 Thread Adam Hardy
MAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 3:03 PM Subject: Re: Changing SessionId at every request I assume that Gurpreet wants to do it for security reasons and it's not a bad idea. It certainly means that nobody w

Re: Changing SessionId at every request

2003-12-03 Thread Gurpreet Dhanoa
ber 03, 2003 3:14 PM Subject: RE: Changing SessionId at every request > ahhh... ok I think I see what you mean > > So by 'hand rolled' sessionId what you mean is some kind of token that must > be submitted with each request to verify that it came from the real client? &g

RE: Changing SessionId at every request

2003-12-03 Thread Andrew Hill
ity though, I would think using SSL might be a safer option - though the performance is lower. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 3 December 2003 17:33 To: Struts Users Mailing List Subject: Re: Changing SessionId at every request I assume tha

Re: Changing SessionId at every request

2003-12-03 Thread Gurpreet Dhanoa
gt; Sent: Wednesday, December 03, 2003 3:03 PM Subject: Re: Changing SessionId at every request > I assume that Gurpreet wants to do it for security reasons and it's not > a bad idea. It certainly means that nobody would be able to share a > session, and so therefor a session-hija

Re: Changing SessionId at every request

2003-12-03 Thread Adam Hardy
bject: Changing SessionId at every request HI, IS it possible to change the Session Id generated by the Web Server at every request for the same client. I wil make it much more clear. Say i have a Servlet running on Tomcat. what i want is when ever any User lets assume USER A ask for a request i wan

RE: Changing SessionId at every request

2003-12-03 Thread Navjot Singh
HTH navjot singh >-Original Message- >From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] >Sent: Wednesday, December 03, 2003 11:44 AM >To: Struts Users Mailing List >Subject: Changing SessionId at every request > > >HI, > >IS it possible to change the Session

RE: Changing SessionId at every request

2003-12-02 Thread Andrew Hill
huh? This is a joke right? -Original Message- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, 3 December 2003 14:14 To: Struts Users Mailing List Subject: Changing SessionId at every request HI, IS it possible to change the Session Id generated by the Web Server at

Changing SessionId at every request

2003-12-02 Thread Gurpreet Dhanoa
HI, IS it possible to change the Session Id generated by the Web Server at every request for the same client. I wil make it much more clear. Say i have a Servlet running on Tomcat. what i want is when ever any User lets assume USER A ask for a request i want to change the sessionId server vari