Jacob and James, thanks a lot for your attention!I just need 2 things: 1 - find out who generated the http request , so i could compare it against the correct url. 2 - to avoid direct http request ( i.e, from browser ), so i would create a session id in the prior JSP and then, search for it into my servlet ( the destination ). Is it clear? Regards, Euclides.
-----Mensagem original----- De: Jacob Kjome [mailto:[EMAIL PROTECTED] Enviada em: terca-feira, 3 de junho de 2003 12:19 Para: Tomcat Users List Assunto: Re: Best Practice: choose between SessionCookie or just Session I think you are mixing concepts together. The session cookie simply provides an id that uniquely points to a session. This can also be replaced using URL rewriting of the session id. You don't directly manipulate the session id. This is handled by the container. You just grab a session and start adding stuff to it and reading stuff from it. If you are talking about a "remember me" feature, you could place a cookie on the client which is completely and utterly separate from the session cookie which stores some information about how to automatically re-log in without user intervention. I think the latter is what you are looking for. Jake At 11:48 AM 6/3/2003 -0300, you wrote: >Hi , friends. This is a important best practice question for me. My project >has a web form which is showed and filled ( by the user) after an external >authentication process. The question is: should i generate a session Cookie >that will be recovered by my following servlet or just generate any session >parameter ( which will be recovered later too ), since i guess i only need >to control the whole internal process. >Thanks in advance, >Euclides. > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
