• Post Reply Bookmark Topic Watch Topic
  • New Topic

authentication with cookies

 
abdel solarie
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hello

I want to develop one web site for buying and selling (with java struts), but I am blocked on authentication step:
1) is the authentication with cookies good choice?
2) if answer is yes, how many cookies we need to do it ?
3) how we can secure the exchange between the server and the client using cookies ?

thank you in advance.
 
Tim Holloway
Bartender
Posts: 18417
58
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Authentication with any sort of self-invented security system is a bad choice. It's a lot of extra work and I'll accept good odds that it won't actually be secure.

There's a perfectly useful security system built into J2EE and any good book on J2EE will tell you how to setup web.xml to use it. In most J2EE servers, it will attempt to pass a session identifier that anchors both your session data and the server security data, and that session ID is in a cookie unless the user has cookies turned off. However, the J2EE session manager handles that cookie itself, and application programmers don't have to do anything with it. In fact, they can't, since the session ID is useless except to the server itself.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!