httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Hilton <jeremy-l...@adtcs.com>
Subject Re: [users@httpd] Apache with mod_jk2 - Sessions/Cookies etc.
Date Wed, 09 Feb 2005 14:26:54 GMT
On 2/8/05 10:29 PM, "Marian D Marinov" <hackman@hydra.azilian.net> wrote:

> [cut]
>> The question has arisen from the developer about sessions, coolkies etc and
>> how the PHP application and the Java can easily share information.  It
>> would be preferable if we could simply control access to the Java app based
>> upon the existence of a particular cookie, at the Apache httpd level, using
>> htaccess or something similar.
> [cut]
> 
> The best practice for this is to use the same session_name cookie in the two
> apps. And to store session data into database. If it is not possible to use
> database as storage you will need to have access to session storage files
> from both apps. The only problem is that PHP Session values are serialized in
> different way than Java's.
> Using only apache you will face big security issue here. You can easy
> compromise your session information if you don't use strong security checks.
> 
> Regards
> M.Marinov

I would also suggest using a database for storing session. It seems more
elegant to keep all the nuts and bolts of the application contained in the
application, rather than pawning the responsibility of a major piece like
session handling off to an external mechanism.

To help with the cross-language barrier, I would suggest utilizing a
technology like WDDX (XML based technology) for passing data between the
languages. It was developed specifically for this task.

http://www.openwddx.org

Jeremy


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message