tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Kjome <>
Subject Re: RES: Best Practice: choose between SessionCookie or just Session
Date Tue, 03 Jun 2003 21:29:28 GMT

At 04:04 PM 6/3/2003 -0300, you wrote:
>Jacob and James,
>thanks a lot for your attention!I just need 2 things:
>1 - find out who generated the http request , so i could compare it against
>the correct url.

What is the "correct url"?  You have some application logic that I am not 
aware of.  I can't really help you out until you detail what you mean here.

>2 - to avoid direct http request ( i.e, from browser ), so i would create a
>session id in the prior JSP and then, search for it into my servlet ( the
>destination ). Is it clear?

What do you mean "avoid a direct http request"?  What is your purpose 
here?  I'm afraid it isn't very clear.


>-----Mensagem original-----
>De: Jacob Kjome []
>Enviada em: terca-feira, 3 de junho de 2003 12:19
>Para: Tomcat Users List
>Assunto: Re: Best Practice: choose between SessionCookie or just Session
>I think you are mixing concepts together.  The session cookie simply
>provides an id that uniquely points to a session.  This can also be
>replaced using URL rewriting of the session id.  You don't directly
>manipulate the session id.  This is handled by the container.  You just
>grab a session and start adding stuff to it and reading stuff from it.
>If you are talking about a "remember me" feature, you could place a cookie
>on the client which is completely and utterly separate from the session
>cookie which stores some information about how to automatically re-log in
>without user intervention.
>I think the latter is what you are looking for.
>At 11:48 AM 6/3/2003 -0300, you wrote:
> >Hi , friends. This is a important best practice question for me. My project
> >has a web form which is showed and filled ( by the user) after an external
> >authentication process. The question is: should i generate a session Cookie
> >that will be recovered by my following servlet or just generate any session
> >parameter ( which will be recovered later too ), since i guess i only need
> >to control the whole internal process.
> >Thanks in advance,
> >Euclides.
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> >For additional commands, e-mail:
>To unsubscribe, e-mail:
>For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message