tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arup Vidyerthy" <ar...@limehouse.co.uk>
Subject RE: Can a client recapture a session in Tomcat 4.1
Date Thu, 12 May 2005 15:05:51 GMT
I am not sure if this can be done... I guess you could build framework where
the user's  session id and ip is logged (unless they logout) and then when
the user comes back you could use the old session. I have never tried this
but this personally but I don’t see why it should not work. 

Arup
-----Original Message-----
From: Millies, Sebastian [mailto:Sebastian.Millies@ids-scheer.com] 
Sent: 12 May 2005 15:57
To: tomcat-user@jakarta.apache.org
Subject: Can a client recapture a session in Tomcat 4.1


Can a client recapture his Tomcat session after he has accidentally closed
the browser, provided that the session object still exists on the server?

Would this be a browser-specific thing? After all, I guess I'd need to tell
the browser to persist the session cookie or some such thing. Or would it
work browser-independently using URL-rewriting?

If there is such a mechanism, does it pose any security concerns (e. g.
through Tomcat reusing a session-id for a totally different session?)

We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0?

Thanks for any enlightenment or additional pointers-. -- Sebastian

----------------------------------------------
Sebastian Millies, IDS Scheer AG
Postfach 10 15 34, 66015 Saarbrücken
Zi D1.16, Sebastian.Millies@ids-scheer.com fon +49-681-210-3221, fax
+49-681-210-1311

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message