>Hi Bruno
>The idea is to get the User ID and the Password at the first time and then
>let the user go and navigate through my domain without asking him about
>his/her ID and Password each time he wants to utilize a service hosted in
>the domain
>It's the same idea as Yahoo
>Once you get the user id and password you can go through My Yahoo, Yahoo
>pager, Yahoo chatting, etc without asking the user about his/her each time
>That's all

But to achieve what you want,
you have the following options:
1. an easy and secure way (session variables)
2. a messier and very insecure way (cookies)
What option will you choose?

I want to tell you a little anecdote about Cookies:
When a user logs into my application, I send a
Cookie to his browser with his loginname, so he
doesn't have to enter it the next time he logs in.

The application worked fine and nobody complained,
until one day, I got a call from somebody who
said the application was hanging. I was in panic because
I knew that I had this problem during the development
phase (when you choose to load classes dynamically
with Apache-Jserv and you change classes while some
classes are still used by another user, you get this
kind of problem).

However, I soon discovered that there was nothing wrong
with the application so I put the blame on the local browser.
Since the user could reproduce the problem over and over,
I had to take my car and pay a visit to her.

There I discovered what was going on:
She had the option 'Warn me before accepting a Cookie'
turned on. So when she received my Cookie, a little window
in her browser asked her if she wanted to accept this
Cookie. Since she didn't know what a Cookie was, she
ignored it (maybe she wanted to save it for lunch or
maybe she finally decided to go on a diet).

She clicked on some link in her browser (by doing so
she covered the Cookie window) and she waited and waited
for the timer to disappear...
Finally she concluded there was something wrong with
the application and she called me. Once I knew what the
problem was, I solved it with a single click.

I'm glad I'm no longer being bodyshopped or this
anecdote would have cost more than 100$.

