>>> A Suresh <[EMAIL PROTECTED]> 04-Jan-00 1:06:51 PM >>>
>can someone throw light on different ways of implementing
>sessions ( transient/persistent cookies, URL rewriting, hidden
>form fields, et al. ) and the security issues they pose ? I would
>like to know if there are other methods of implementing session
>in a secure way apart from what i have listed here.
The most secure way of implementing a session is with SSL.
SSL has a unique connection id that can be used as the session
identifier.
The servlet API specification provides for this but I am not aware of
any implementations yet. Someone probably has done it though.
If anyone is interested in working on a free implementation of this
(using GNU-Paperclips - a free servlet engine) then please contact me
directly.
Nic Ferrier
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
