hi Adam You are on the right track in understanding my concern. Anyway i have madeit possible. But now there is a small new issue. it is
I want to access the sessionId of another Web Server into some other web server. I meant say i have a domain A on Server A, I want to access the sessionId of Domain A onto the Domain B on Server B. I think this is a very strange question but i have been asked the same. ANy help of you guys Thanks Gary ----- Original Message ----- From: "Adam Hardy" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 3:03 PM Subject: Re: Changing SessionId at every request > I assume that Gurpreet wants to do it for security reasons and it's not > a bad idea. It certainly means that nobody would be able to share a > session, and so therefor a session-hijack would become obviously > immediately. > > I think expiring the session is overkill - I would just leave the > session as it is and use the filter to check and change my own > hand-rolled session id. > > Adam > > On 12/03/2003 08:20 AM Navjot Singh wrote: > > don't know why do you wish to do so? > > but it an be done. Write a filter. pass every request thru that. > > > > 1. Fetch the session, expire it. Server will assign new. > > 2. Fetch the session, don't expire the session, just append a timestamp to > > it. set a cookie and use that to maintain session. > > > > HTH > > navjot singh > > > > > >>-----Original Message----- > >>From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] > >>Sent: Wednesday, December 03, 2003 11:44 AM > >>To: Struts Users Mailing List > >>Subject: Changing SessionId at every request > >> > >> > >>HI, > >> > >>IS it possible to change the Session Id generated by the Web > >>Server at every request for the same client. I wil make it much > >>more clear. > >> > >>Say i have a Servlet running on Tomcat. what i want is when ever > >>any User lets assume USER A ask for a request i want to change the > >>sessionId server variable which has been gerenrated by the Web > >>Server to uniquely identify the client. > >> > >>Purpose behind doing this is to make every request safe. > >> > >> > >>Any suggections will be higly appreciated. > >> > >> > >>Thanks in Advance > >>Gary > >> > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > -- > struts 1.1 + tomcat 5.0.14 + java 1.4.2 > Linux 2.4.20 RH9 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
