----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------

Yes, I believe the JSSI stuff may use Cookies (if available) to maintain
session state ...

Bill

> -----Original Message-----
> I was pretty much inclined to go along with this model of validation
> also.  And I thought server-side cookies maintained this kind of session
> state within them, or could?
>
> Nathan
>
>
> At 04:09 PM 10/30/00 -0800, you wrote:
> >
> >Nathan wrote:
> >
> > > I am starting to work on an ASP (Application Service Provider) product for
> > > my company and I am just beginning to work on the security concerns.  I
> > > plan on using server-side cookies for authentication.  As I have yet to
> > > even begin I thought I might try and leverage some of your experiences.
> >
> >We're just starting out in Jserv-land ... but I do know something about this
> >issue.
> >
> >I don't think cookies are a "best practices" for authentication.
> >
> >I do see Cookies as a way of recognizing a user ... but the accepted thing
> >is to have them sign on ... via a password ... and then maintain a "session
> >state" for all subsequent web pages.  I.e., you assign a session ID for this
> >transaction and keep track of that user as long as they stay 'connected'.
> >Typically you time out the session after some period of inactivity.
> >
> >I used to do that by embedding the session id in all the URL links ... or in
> >a hidden form on the web page.  I understand that jserve ... particularly
> >the jssi stuff ... has features for maintaining session state et al.
> >
> >Bill Volk
> >>
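
An added sketch of the session model discussed in this thread (not code from the thread, JServ or JSSI): a server-side table that issues an unguessable session ID after a successful password sign-on and expires it after a period of inactivity. The class name `SessionTable`, its methods, the 15-minute timeout and the sample clock values are assumptions made for illustration; how the ID travels to the browser (cookie, URL or hidden form field) is outside the sketch.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical server-side session table: random ID after sign-on, idle timeout. */
public class SessionTable {
    private static final class Entry {
        final String user;
        volatile long lastSeenMillis;
        Entry(String user, long now) { this.user = user; this.lastSeenMillis = now; }
    }

    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long idleTimeoutMillis;

    public SessionTable(long idleTimeoutMillis) { this.idleTimeoutMillis = idleTimeoutMillis; }

    /** Call only after the password check has succeeded. */
    public String create(String user, long now) {
        byte[] raw = new byte[16];          // 128 bits from a CSPRNG, never a counter or timestamp
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Entry(user, now));
        return id;                          // the client only ever holds this opaque ID
    }

    /** Returns the user for a live session and slides the idle window, otherwise null. */
    public String lookup(String id, long now) {
        Entry e = (id == null) ? null : sessions.get(id);
        if (e == null) return null;         // unknown or already removed ID
        if (now - e.lastSeenMillis > idleTimeoutMillis) {
            sessions.remove(id);            // expired: forget it on the server side
            return null;
        }
        e.lastSeenMillis = now;             // activity resets the inactivity timer
        return e.user;
    }

    public void logout(String id) { if (id != null) sessions.remove(id); }

    public static void main(String[] args) {
        long minute = 60 * 1000L;
        SessionTable t = new SessionTable(15 * minute);        // constructed timeout value
        String id = t.create("nathan", 0L);                    // constructed user and clock
        System.out.println(t.lookup(id, 10 * minute));         // request inside the idle window
        System.out.println(t.lookup(id, 24 * minute));         // 14 minutes after the last request
        System.out.println(t.lookup(id, 40 * minute));         // 16 minutes idle
        System.out.println(t.lookup("guessed-id", 0L));        // ID the server never issued
    }
}
```

Because the user name and last-activity time live only in the server's table, a client that alters or replays its ID after the timeout gets nothing back.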


