Win a copy of Java EE 8 High Performance this week in the Java/Jakarta EE forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

session object security question  RSS feed

Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,
I have a quick theoretical question. How secure is the session object? Say, a user logs into my website. The password is verified, and his username is placed in the session object as a parameter/attribute. Are there any potential security holes if I use that parameter to determine who this user is for the rest of the site?
We plan on having some rather important information on our Intranet, and managers will have access to all kinds of powerfull tools. I want to make sure that storing the username in the session object after authentication is the right way to do this. Thank you.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!