Re: [Acegisecurity-developer] Acegisecurity-developer Digest, Vol 24, Issue 2
What is doing session-fixation-protection??? I resolved session fixation problem saving the ip address of authenticated users, and a filter that always check if ipaddress of the request Is the same that I was save when the user succefully authenticate. Is this method insecure?? I do this because I still use Acegi 1.0.4 and I never heard about acegi session-fixation-protection - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] how to get online users list
You don't need declare the sessionRegistry as a listener in your web.xml this class effectly is a listener but in acegi documentation always appear declared as a bean in the security context, works as a listener too but you can inject into others beans. So declare only one time and remove the listener, just handle as a bean. - SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] how to get online users list
in your acegi context search for the bean : with this you can declare SessionRegistry sessions and inject the sessionRegistry bean to your class in the bean context so you can access to the real session registry by this reference <>- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] how to get online users list from acegi ???? (Ray Krueger)
String users [] = (String[])SessionRegistry.getAllPrincipals(); List online; for(int i=0;i> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
Re: [Acegisecurity-developer] Acegisecurity-developer Digest, Vol 16, Issue 7
But how I can get the session specific to call .invalidate() if only I have the sessionId ? That would be great if I can do that Thanks for the answers - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] session manager
hello everyone my problem is that i need to invalidate a session by sessionid my answer is the following when i call a method SessionRegistryImpl.removeSessionInformation( sessionId ) this cause that the other user who was logged in the system and have this session id to loggoff?? thanks <>- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
