Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Tomcat Users »

RES: Best Practice: choose between SessionCookie or just Session

Jose Euclides da Silva Junior - DATAPREVRJ

2003-06-03

Replies:

Jacob and James,
thanks a lot for your attention!I just need 2 things:
1 - find out who generated the http request , so i could compare it against
the correct url.
2 - to avoid direct http request ( i.e, from browser ), so i would create a
session id in the prior JSP and then, search for it into my servlet ( the
destination ). Is it clear?
Regards,
Euclides.



-----Mensagem original-----
De: Jacob Kjome [mailto:hoju@(protected)]
Enviada em: terca-feira, 3 de junho de 2003 12:19
Para: Tomcat Users List
Assunto: Re: Best Practice: choose between SessionCookie or just Session



I think you are mixing concepts together. The session cookie simply
provides an id that uniquely points to a session. This can also be
replaced using URL rewriting of the session id. You don't directly
manipulate the session id. This is handled by the container. You just
grab a session and start adding stuff to it and reading stuff from it.

If you are talking about a "remember me" feature, you could place a cookie
on the client which is completely and utterly separate from the session
cookie which stores some information about how to automatically re-log in
without user intervention.

I think the latter is what you are looking for.

Jake

At 11:48 AM 6/3/2003 -0300, you wrote:
>Hi , friends. This is a important best practice question for me. My project
>has a web form which is showed and filled ( by the user) after an external
>authentication process. The question is: should i generate a session Cookie
>that will be recovered by my following servlet or just generate any session
>parameter ( which will be recovered later too ), since i guess i only need
>to control the whole internal process.
>Thanks in advance,
>Euclides.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
>For additional commands, e-mail: tomcat-user-help@(protected)

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)


©2008 junlu.com - Jax Systems, LLC, U.S.A.