Now, if you have sitea.com and siteb.com, then the cookie technique can't work (as neither can set a cookie for the other). So, I'm thinking that you can do something similiar, a signed token, in a hidden field and then having to submit a form to get to the new site.
Of course, you can always stick the token on the URL as well.
On 12/03/2003 10:42 AM Gurpreet Dhanoa wrote:
hi Adam
You are on the right track in understanding my concern. Anyway i have madeit possible. But now there is a small new issue. it is
I want to access the sessionId of another Web Server into some other web server. I meant say i have a domain A on Server A, I want to access the sessionId of Domain A onto the Domain B on Server B.
I think this is a very strange question but i have been asked the same.
ANy help of you guys Thanks Gary
----- Original Message ----- From: "Adam Hardy" <[EMAIL PROTECTED]> To: "Struts Users Mailing List" <[EMAIL PROTECTED]> Sent: Wednesday, December 03, 2003 3:03 PM Subject: Re: Changing SessionId at every request
I assume that Gurpreet wants to do it for security reasons and it's not a bad idea. It certainly means that nobody would be able to share a session, and so therefor a session-hijack would become obviously immediately.
I think expiring the session is overkill - I would just leave the session as it is and use the filter to check and change my own hand-rolled session id.
Adam
On 12/03/2003 08:20 AM Navjot Singh wrote:
don't know why do you wish to do so? but it an be done. Write a filter. pass every request thru that.
1. Fetch the session, expire it. Server will assign new. 2. Fetch the session, don't expire the session, just append a timestamp
to
it. set a cookie and use that to maintain session.
HTH navjot singh
-----Original Message----- From: Gurpreet Dhanoa [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 11:44 AM To: Struts Users Mailing List Subject: Changing SessionId at every request
HI,
IS it possible to change the Session Id generated by the Web Server at every request for the same client. I wil make it much more clear.
Say i have a Servlet running on Tomcat. what i want is when ever any User lets assume USER A ask for a request i want to change the sessionId server variable which has been gerenrated by the Web Server to uniquely identify the client.
Purpose behind doing this is to make every request safe.
Any suggections will be higly appreciated.
Thanks in Advance Gary
-- struts 1.1 + tomcat 5.0.14 + java 1.4.2 Linux 2.4.20 RH9
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]