re must be a solution for this
trouble
right
Thanks
Gary
- Original Message -
From: "Andrew Hill" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, December 03, 2003 3:14 PM
Subject: RE: Changing SessionId at every requ
MAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Wednesday, December 03, 2003 3:03 PM
Subject: Re: Changing SessionId at every request
I assume that Gurpreet wants to do it for security reasons and it's not
a bad idea. It certainly means that nobody w
ber 03, 2003 3:14 PM
Subject: RE: Changing SessionId at every request
> ahhh... ok I think I see what you mean
>
> So by 'hand rolled' sessionId what you mean is some kind of token that must
> be submitted with each request to verify that it came from the real client?
>
ity though, I would think using SSL might be a
safer option - though the performance is lower.
-Original Message-
From: Adam Hardy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 3 December 2003 17:33
To: Struts Users Mailing List
Subject: Re: Changing SessionId at every request
I assume tha
>
Sent: Wednesday, December 03, 2003 3:03 PM
Subject: Re: Changing SessionId at every request
> I assume that Gurpreet wants to do it for security reasons and it's not
> a bad idea. It certainly means that nobody would be able to share a
> session, and so therefore a session-hija
I assume that Gurpreet wants to do it for security reasons and it's not
a bad idea. It certainly means that nobody would be able to share a
session, and so therefore a session-hijack would become obvious
immediately.
I think expiring the session is overkill - I would just leave the
session as
don't know why do you wish to do so?
but it can be done. Write a filter. Pass every request thru that.
1. Fetch the session, expire it. Server will assign new.
2. Fetch the session, don't expire the session, just append a timestamp to
it. Set a cookie and use that to maintain session.
HTH
navjot s
huh?
This is a joke right?
-Original Message-
From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 3 December 2003 14:14
To: Struts Users Mailing List
Subject: Changing SessionId at every request
Hi,
Is it possible to change the Session Id generated by the Web Server at ever