• Post Reply Bookmark Topic Watch Topic
  • New Topic

disabling restore session in firefox browser  RSS feed

 
Rahul verma
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While i was running my application in firefox browser,due to some reason my system got stuck up, so i restarted the system and i opened firefox browser,it asked me whether session should be restored/not, i selected yes
and it opened my application whithout asking me username/password. This feature i want to disable from serverside(from jsp/servlet/javascript) because of security problem.
 
Andris Jekabsons
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think that's the whole point of Firefox restoring session: so that if it crashes, you wouldn't have to search for your page and login again.
Because it's handled on the client's side, the only solution you probably have is to set your HttpSession's max inactive interval to a smaller amount of time.
This way if later somebody other than the legitimate user restores a crashed session on client's PC, your server won't accept the login credentials any more.
 
Rahul verma
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Andris Jekabsons:
I think that's the whole point of Firefox restoring session: so that if it crashes, you wouldn't have to search for your page and login again.
Because it's handled on the client's side, the only solution you probably have is to set your HttpSession's max inactive interval to a smaller amount of time.
This way if later somebody other than the legitimate user restores a crashed session on client's PC, your server won't accept the login credentials any more.


Ok that problem solved Thanks!
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ben Souther:
"Moin",
Welcome to JavaRanch!

We're pleased to have you here with us in the FSP forum, but there
are a few rules that need to be followed, and one is that proper names are
required. Please take a look at the
JavaRanch Naming Policy and
adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

You can change it here

Welcome to JavaRanch!
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!