tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arup Vidyerthy" <ar...@limehouse.co.uk>
Subject RE: Can a client recapture a session in Tomcat 4.1
Date Thu, 12 May 2005 15:32:08 GMT
I agree, actually once I posted it I thought the same thing. What I
suggested is not particularly useful but I have seen it done :-(

I guess, in the end this whole session persistence is just a bad idea.

Arup

-----Original Message-----
From: Tim Diggins [mailto:subscribed@red56.co.uk] 
Sent: 12 May 2005 16:21
To: Tomcat Users List
Subject: Re: Can a client recapture a session in Tomcat 4.1

Using IP sounds a bit scary as a lookup - think of all the users with
equivalent IP addresses (because of NATing routers/firewalls, etc.). 
Plus it would be a strikes me it would be a nightmare to test...

But, if instead you wanted to have a session that wasn't linked to tomcat's
notion of a session, you could (maybe) build a separate Session management
that was stored in a regular (non-session) cookie -- it would
  then persist "across sessions" in the same browser...

Tim

Arup Vidyerthy wrote:
> I am not sure if this can be done... I guess you could build framework 
> where the user's  session id and ip is logged (unless they logout) and 
> then when the user comes back you could use the old session. I have 
> never tried this but this personally but I don’t see why it should not
work.
> 
> Arup
> -----Original Message-----
> From: Millies, Sebastian [mailto:Sebastian.Millies@ids-scheer.com]
> Sent: 12 May 2005 15:57
> To: tomcat-user@jakarta.apache.org
> Subject: Can a client recapture a session in Tomcat 4.1
> 
> 
> Can a client recapture his Tomcat session after he has accidentally 
> closed the browser, provided that the session object still exists on the
server?
> 
> Would this be a browser-specific thing? After all, I guess I'd need to 
> tell the browser to persist the session cookie or some such thing. Or 
> would it work browser-independently using URL-rewriting?
> 
> If there is such a mechanism, does it pose any security concerns (e. g.
> through Tomcat reusing a session-id for a totally different session?)
> 
> We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0?
> 
> Thanks for any enlightenment or additional pointers-. -- Sebastian
> 
> ----------------------------------------------
> Sebastian Millies, IDS Scheer AG
> Postfach 10 15 34, 66015 Saarbrücken
> Zi D1.16, Sebastian.Millies@ids-scheer.com fon +49-681-210-3221, fax
> +49-681-210-1311
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message