cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ulrich Mayring <u...@denic.de>
Subject Re: create-session attribute of xsp:page
Date Thu, 13 Jul 2000 10:29:04 GMT
Jeremy Quinn wrote:
> 
> You will notice that the <xsp:page/> tag can take an optional
> "create-session" attribute, that you can set to "true".

I have written my own session handling, because I want to authenticate
against a database. Thus I don't want to automatically create a new
session, but only if authentication was successful. If it wasn't
successful I don't need a new session, I just do a redirect to the login
page.

This has the advantage that no usernames and passwords appear anywhere
in my XML files, they are stored in the database. And all my sensitive
pages are protected, no matter where they are located, because they
redirect to the login page, if there is no session. Thus I have taken
authentication completely away from the filesystem and the webserver, I
do everything against a database, which probably is much harder to hack
(the database being behind a Firewall, too).

If anyone is interested in this scheme, just ask me. I am currently
wondering if I can put it in a taglib and contribute it. It can't run
out of the box, due to the many different databases out there, but I
could provide a way to set database driver and URL with a taglib.

Ulrich

-- 
Ulrich Mayring
DENIC eG, Systementwicklung

Mime
View raw message