On 4/28/07, lightbulb432 <[EMAIL PROTECTED]> wrote:
What would the cookie store?
A Cookie stores name, value pairs just like the Session. So you can store anything in a Cookie. But I think it may be a security concern to store the password in a Cookie.
Username and password, just username, or something else? How can this be done in such a way as to prevent the user from changing the value within the cookie?
The above can be tested --- clear all cookies in the browser, refer to the Cookie in the JavaEE API -- set a cookie (name, value pair), see if the browser's cookie that was just set could be tampered with somehow.
Could you elaborate on what you meant by sessions not working when the browser caches a page? If a user submits a form in a cached page, wouldn't they still be directed to their same session on the server? (Whether the session ID is stored in URL, cookie, or hidden form field.)
If the session id is stored in the URL, cookie or hidden field, it may be possible to access the session if the page is cached by the browser, but I haven't tested it.
From my experience with sessions, the functionality implemented with
sessions stops working as soon as the page is cached by the browser.
Thanks.
-Regards Rashmi
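
On the question in this thread of how to keep a user from changing a cookie's value: the browser can always edit what it stores, so the server has to detect the change. The following is an added example, not code from the thread or from Tomcat; the class name SignedCookieValue and the user.expiry.mac layout are assumptions, and it uses only JDK classes. It stores a username and expiry time (no password) with an HMAC that only the server can compute.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper: builds and checks values of the form b64(user).expiryMillis.b64(hmac)
public class SignedCookieValue {
    private final byte[] key; // server-side secret, never sent to the browser

    public SignedCookieValue(byte[] key) { this.key = key.clone(); }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the string to pass as the value in new Cookie(name, value).
    public String issue(String user, long expiresAtMillis) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String payload = enc.encodeToString(user.getBytes(StandardCharsets.UTF_8))
                + "." + expiresAtMillis;
        return payload + "." + enc.encodeToString(hmac(payload));
    }

    // Returns the username, or null if the value was altered, malformed or expired.
    public String verify(String cookieValue, long nowMillis) {
        try {
            String[] p = cookieValue.split("\\.", -1);
            if (p.length != 3) return null;
            byte[] sent = Base64.getUrlDecoder().decode(p[2]);
            // MessageDigest.isEqual compares without an early exit on mismatch
            if (!MessageDigest.isEqual(sent, hmac(p[0] + "." + p[1]))) return null;
            if (Long.parseLong(p[1]) < nowMillis) return null;
            return new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
        } catch (Exception e) {
            return null; // bad base64, bad number or crypto failure: treat as invalid
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // in a real app, load a persistent secret
        SignedCookieValue s = new SignedCookieValue(key);
        long now = System.currentTimeMillis();
        String v = s.issue("alice", now + 60_000); // constructed sample user
        System.out.println(s.verify(v, now));                            // unmodified value
        System.out.println(s.verify(v.replace("YWxpY2U", "Ym9i"), now)); // username edited by the client
    }
}
```

The signature makes edits detectable but does not hide the contents, and a copied cookie stays valid until its expiry, so it should be sent only over HTTPS with the Secure and HttpOnly attributes set.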