myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Kienenberger" <mkien...@gmail.com>
Subject Re: [tobago] Can we hide the session id on the URL?
Date Thu, 12 Apr 2007 16:53:58 GMT
No, I don't remember how to do this off the top of my head.  The one
place I know how to do it (OC4J) is a container-specific web page.
It might be in the web.xml file as well, though.
A google search or docs for your container are probably the best place to look.

On 4/12/07, Wong, Emmanuel (Sam) <WongE@sec.gov> wrote:
> Hi:
>         Do you have an examples file to configure the
> container/application to store session information in cookies instead of
> the url?  is it on the web.xml file?  Thanks.
>
> -----Original Message-----
> From: Mike Kienenberger [mailto:mkienenb@gmail.com]
> Sent: Thursday, April 12, 2007 12:10 PM
> To: MyFaces Discussion
> Subject: Re: [tobago] Can we hide the session id on the URL?
>
> This is a standard issue with servlet applications.
> One solution is to track the original ip address in the session, and
> reject any requests that come from a different ip address.
> Another solution is to configure your container/application to store
> session information in cookies instead of the url.
>
> On 4/12/07, Wong, Emmanuel (Sam) <WongE@sec.gov> wrote:
> >
> >
> >
> > Hi:
> >
> >         Could we hide the session id on the URL?  It seems if I
> capture  the
> > URL with the session id, I was able to get into the application.
> Thanks.
> >
> > --> Sam Wong
> >
> >
>

Mime
View raw message