ignite-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Magda <dma...@gridgain.com>
Subject Re: Web app with CMS
Date Thu, 07 Jan 2016 11:28:38 GMT
Hi Pavlin,

In my understanding you should configure the security manager in a way 
that it will first check with Ignite cache if a session already exists 
and replace it only if it doesn't.
If it's impossible by some reason and both the security manager and the 
application knows that only the session's ID is changed but its content 
is left the same the you can do something like this
Session ses = sessionCache.get(oldSessionId);
sessionCache.put(newSessionId, ses);

Just in case sharing the link to [1] with you if you haven't visited 
that page before.

[1] https://apacheignite.readme.io/docs/web-session-clustering


On 1/7/2016 11:10 AM, pavlinсм wrote:
> Hello,
> I am doing a POC of Ignite as a web session replication cache. I have
> typical j2ee web application with container managed security, running inside
> Tomcat 7. Ignite is set-up following the instructions in the docs  and works
> fine (really informative in debug mode). The problem is when performing
> log-in - the security manager will replace the current session id with a new
> one ! Ignite threats the new sessionID as a new session and the application
> is loosing reference to the original session.
> When I turn off session fixation the problem is gone but I don't like to
> lose this security feature.
> Any ideas/comments are welcome !
> Cheers,
> Pavlin
> --
> View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Web-app-with-CMS-tp2414.html
> Sent from the Apache Ignite Users mailing list archive at Nabble.com.

View raw message