tomcat-users mailing list archives

From David Smith <d...@cornell.edu>
Subject Re: OT: Sessions
Date Wed, 27 Jun 2007 13:07:51 GMT
One possibility is to check for a pre-existing open login on login. If
one is detected, return an error, something to the effect of "please log
off first". Offer a log-off button/link that invalidates the session
and returns the user to a welcome page. Maintaining both logins is
trickier and probably not in your best interest from a security perspective.

--David

vnug@cox.net wrote:
> Hi:
>
> We have an Enterprise application that uses sessions to keep track of User Information
> (name, role, dept). This information is used against the user when logging out, checking credentials
> and displaying user information. Since we are using Session Attributes to keep track of User
> Information - this gets mangled when we try to login to application from the same browser
> (in Firefox) and Ctrl-N from IE (in other words the person who gets logged in will overwrite
> the current user's attribute thus losing first user information). So, I am wondering whether
> you all have any recommendations/inputs to avoid this scenario. Thanks in advance. I did check
> the google and other search tools, but could not locate anything useful.
>
> regards,
> Vasu
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>   
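
One way to implement the check suggested in the reply above, as an added example that is not part of the original e-mail or of Tomcat itself. The class name, the `user` attribute, the `action` parameter, the page paths and the abstract `authenticate` hook are all assumptions; replacing the session on login is an addition beyond what the reply describes.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical names). Tomcat 10+ uses jakarta.servlet.* instead.
public abstract class SingleLoginServlet extends HttpServlet {
    static final String USER_ATTR = "user"; // assumed session attribute name

    // Assumption: the application plugs in its existing credential check here.
    protected abstract boolean authenticate(String user, String password);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): look up the current session without creating one.
        HttpSession existing = req.getSession(false);

        if ("logout".equals(req.getParameter("action"))) {
            // Log-off link: drop the whole session, then back to the welcome page.
            if (existing != null) existing.invalidate();
            resp.sendRedirect(req.getContextPath() + "/welcome.jsp");
            return;
        }

        // Windows of the same browser share one session cookie, so a second
        // login would overwrite the first user's attributes. Refuse it instead.
        if (existing != null && existing.getAttribute(USER_ATTR) != null) {
            resp.sendError(HttpServletResponse.SC_CONFLICT,
                    "A user is already logged in from this browser. Please log off first.");
            return;
        }

        String name = req.getParameter("username");
        if (name == null || !authenticate(name, req.getParameter("password"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Login failed");
            return;
        }

        // Replace any pre-login session so the authenticated user gets a
        // fresh session ID and no attributes left over from before login.
        if (existing != null) existing.invalidate();
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute(USER_ATTR, name);
        resp.sendRedirect(req.getContextPath() + "/home.jsp");
    }
}
```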

