> - Can session objects be accessed across servlets (that is, create a
> session in one servlet, get session in another servlet) running in the same
> servlet engine instance? Different servlet engine instances?
>
> Here's how I came up with this question. I have a login servlet that
> authenticates a user and creates a session. I also have another servlet
> that handles other application logic. The login servlet is served off a
> secure web services (JWS), and the application servlet is served off a
> regular web service.

A much more intelligent and secure method of handling security is to use a
framework like Dash.
<http://www.working-dogs.com/dash/>
The point is to have a single servlet that handles all of the security and
session data and that servlet then calls the other "servlets" via
Class.forName(). This is a much more secure method of doing things because
you do not have to worry about each servlet being secure, you only need to
worry about the top level servlet being secure. If the security fails in a
single place that is much easier to track than in 50 or 100 different places.
-jon
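
The single-entry-point design described in the reply above, as an added sketch that is not part of the original message and is not Dash's code: one servlet checks the session, then loads the target class with Class.forName() from a fixed allowlist so the class name never comes from the request. Assumptions: the `Action` interface, the `com.example.app` names, the `"user"` session attribute set by the login step, the javax.servlet API and Java 9+ for `Map.of`.

```java
package com.example.app; // constructed package name

import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical interface for the classes the gate dispatches to. */
interface Action {
    void run(HttpServletRequest req, HttpServletResponse resp, String user)
            throws IOException, ServletException;
}

/** Single entry point: every request passes the session check here. */
public class GateServlet extends HttpServlet {
    // Fixed allowlist: request path -> class name. The string handed to
    // Class.forName() is never taken from the request itself.
    private static final Map<String, String> ACTIONS = Map.of(
            "/orders", "com.example.app.OrdersAction",    // constructed names
            "/profile", "com.example.app.ProfileAction");

    @Override
    protected void service(HttpServletRequest req, HttpServletResponse resp)
            throws IOException, ServletException {
        // getSession(false): do not create a session for an unauthenticated caller.
        HttpSession session = req.getSession(false);
        Object user = (session == null) ? null : session.getAttribute("user");
        if (!(user instanceof String)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String path = req.getPathInfo();   // may be null; Map.of rejects null keys
        String className = (path == null) ? null : ACTIONS.get(path);
        if (className == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        try {
            Action action = Class.forName(className).asSubclass(Action.class)
                    .getDeclaredConstructor().newInstance();
            action.run(req, resp, (String) user);
        } catch (ReflectiveOperationException e) {
            throw new ServletException("cannot load action " + className, e);
        }
    }
}
```

The design only holds if the action classes are not also mapped as servlets in the container, since a direct mapping would bypass the gate.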