Web Security

 
Greenhorn
Posts: 2
Hi,
I have worked on a project that provided for authentication on LDAP through JAAS in order to implement SSO for a web site that groups some applications in different languages (Java, PHP). The servlet that I have created authenticates the user and couples a cookie to the HTTP session. The question is this:
Is the adopted solution correct (working with the cookie), given that it runs into compatibility problems between the various browsers and the various applications, or is it better to maintain an "application" session on the server so that every application can ask it whether the user is qualified to execute the requested operation, even maintaining only an ID in the HTTP session? Thanks. Danilo
 
Ranch Hand
Posts: 4982
You need to maintain a list of each cookie together with the session id. For each request, when the cookie is being used, you may need to check whether this is a match.
Nick
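
One way to implement the cookie-to-session check described in the reply above, as an added example that is not part of the original thread. The class name `SsoCookieRegistry`, its methods and the sample values are hypothetical, and it assumes Java 16 or later (for `record`).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical registry: SSO cookie value -> (HTTP session id, user, expiry).
public class SsoCookieRegistry {
    private record Entry(String sessionId, String user, Instant expires) {}
    private final Map<String, Entry> entries = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration ttl;
    public SsoCookieRegistry(Duration ttl) { this.ttl = ttl; }

    // Call after the JAAS/LDAP login succeeds; the result becomes the cookie value.
    public String issue(String sessionId, String user) {
        byte[] raw = new byte[32]; // 256 random bits, so the value cannot be guessed
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        entries.put(token, new Entry(sessionId, user, Instant.now().plus(ttl)));
        return token;
    }

    // Call on every request: cookie must be known, unexpired and bound to this session.
    public Optional<String> validate(String cookie, String sessionId) {
        if (cookie == null || sessionId == null) return Optional.empty();
        Entry e = entries.get(cookie);
        if (e == null) return Optional.empty();
        if (Instant.now().isAfter(e.expires())) {
            entries.remove(cookie); // expired entries are dropped on first use
            return Optional.empty();
        }
        boolean match = MessageDigest.isEqual( // constant-time comparison
                e.sessionId().getBytes(StandardCharsets.UTF_8),
                sessionId.getBytes(StandardCharsets.UTF_8));
        return match ? Optional.of(e.user()) : Optional.empty();
    }

    public void revoke(String cookie) { entries.remove(cookie); } // logout

    public static void main(String[] args) {
        SsoCookieRegistry reg = new SsoCookieRegistry(Duration.ofMinutes(30));
        String cookie = reg.issue("SESSION-A", "danilo"); // constructed sample values
        System.out.println(reg.validate(cookie, "SESSION-A")); // matching session
        System.out.println(reg.validate(cookie, "SESSION-B")); // other session
        reg.revoke(cookie);
        System.out.println(reg.validate(cookie, "SESSION-A")); // after logout
    }
}
```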
 
Greenhorn
Posts: 10
Use a server-side application session, for portability.
 
Danilo Del Fio
Greenhorn
Posts: 2
Yes, Gadzirai, I think that is the better choice.
Thanks a lot.
 