tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: I would like a new session each time I start my application
Date Mon, 04 Jun 2007 11:51:46 GMT
Cant say I do understand...
Session ID's are almost untouchables... they used by too many things, 
authentication, SSO, load balancing, and I'm worried that when the user does 
something as simple as a right click and opens a new page, the app breaks.

I'm not sure what you saying but I would rather go for something like change 
credits.
So, user does something that allows them one change... you store that in 
session ID, as an attribute, something like, setAttribute(ChangeCredit, 1);
Now they can open 20 pages.... but on page 5 they make the change.... the 
attribute is set back to 0;
None of the other pages will allow it.... something like that.

All I think that is happening is you trying to store state in the browser 
page, instead of the Session. ie you give them page, they change, you 
present them with page that is one state further on... ie thank you for 
change, cant change anymore, but user just has to open new page and they 
back to the beginning.
But if you store the state in the session.... that wont happen.
Irony is I think you actually need that Session.

Good Luck

----- Original Message ----- 
From: "Bachler, Elisabeth (Elisabeth)" <ebachler@alcatel-lucent.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Monday, June 04, 2007 12:32 PM
Subject: RE: I would like a new session each time I start my application


The thing is that my application access a database. When the user wants
to modify the db, I lock the access to this particular action (and let
the user only view the data) using the sessionID.
Now, if the user is "bad"... He can log on once and get the modify
action... Then he can open a new screen and modify things again... Which
is not what I need. Everytime a new screen is open to execute the
application I need a different sessionID. Do you see what my problem is
? I don't know another way of doing it.


-----Original Message-----
From: Johnny Kewl [mailto:john@kewlstuff.co.za]
Sent: lunes, 04 de junio de 2007 11:07
To: Tomcat Users List
Subject: Re: I would like a new session each time I start my application

Liz, please tell us what you actually doing and why you need this?
I think there is a conceptual problem...

----- Original Message -----
From: "Bachler, Elisabeth (Elisabeth)" <ebachler@alcatel-lucent.com>
To: <users@tomcat.apache.org>
Sent: Friday, June 01, 2007 6:57 PM
Subject: I would like a new session each time I start my application


Hi,
I have an application that works under tomcat.
Each time I run my application I have the same sessionID. Is there a way
to generate a differente sessionID each time I start my application?

Thanks

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message