Re: Can a client recapture a session in Tomcat 4.1

[Tim Diggins]

Using IP sounds a bit scary as a lookup - think of all the users with 
equivalent IP addresses (because of NATing routers/firewalls, etc.). 
Plus it would be a strikes me it would be a nightmare to test...

But, if instead you wanted to have a session that wasn't linked to 
tomcat's notion of a session, you could (maybe) build a separate Session 
management that was stored in a regular (non-session) cookie -- it would 
 then persist "across sessions" in the same browser...

Tim
Arup Vidyerthy wrote:
I am not sure if this can be done... I guess you could build framework where
the user's  session id and ip is logged (unless they logout) and then when
the user comes back you could use the old session. I have never tried this
but this personally but I don’t see why it should not work. 

Arup
-----Original Message-----
From: Millies, Sebastian [mailto:[EMAIL PROTECTED] 
Sent: 12 May 2005 15:57
To: tomcat-user@jakarta.apache.org
Subject: Can a client recapture a session in Tomcat 4.1

Can a client recapture his Tomcat session after he has accidentally closed
the browser, provided that the session object still exists on the server?
Would this be a browser-specific thing? After all, I guess I'd need to tell
the browser to persist the session cookie or some such thing. Or would it
work browser-independently using URL-rewriting?
If there is such a mechanism, does it pose any security concerns (e. g.
through Tomcat reusing a session-id for a totally different session?)
We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0?
Thanks for any enlightenment or additional pointers-. -- Sebastian
----------------------------------------------
Sebastian Millies, IDS Scheer AG
Postfach 10 15 34, 66015 Saarbrücken
Zi D1.16, [EMAIL PROTECTED] fon +49-681-210-3221, fax
+49-681-210-1311
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]