I am not sure if this can be done... I guess you could build framework where
the user's session id and ip is logged (unless they logout) and then when
the user comes back you could use the old session. I have never tried this
but this personally but I dont see why it should not work.
Arup
-----Original Message-----
From: Millies, Sebastian [mailto:Sebastian.Millies@ids-scheer.com]
Sent: 12 May 2005 15:57
To: tomcat-user@jakarta.apache.org
Subject: Can a client recapture a session in Tomcat 4.1
Can a client recapture his Tomcat session after he has accidentally closed
the browser, provided that the session object still exists on the server?
Would this be a browser-specific thing? After all, I guess I'd need to tell
the browser to persist the session cookie or some such thing. Or would it
work browser-independently using URL-rewriting?
If there is such a mechanism, does it pose any security concerns (e. g.
through Tomcat reusing a session-id for a totally different session?)
We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0?
Thanks for any enlightenment or additional pointers-. -- Sebastian
----------------------------------------------
Sebastian Millies, IDS Scheer AG
Postfach 10 15 34, 66015 Saarbrücken
Zi D1.16, Sebastian.Millies@ids-scheer.com fon +49-681-210-3221, fax
+49-681-210-1311
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
|