At 04:04 PM 6/3/2003 -0300, you wrote:
Jacob and James, thanks a lot for your attention!I just need 2 things: 1 - find out who generated the http request , so i could compare it against the correct url.
What is the "correct url"? You have some application logic that I am not aware of. I can't really help you out until you detail what you mean here.
2 - to avoid direct http request ( i.e, from browser ), so i would create a session id in the prior JSP and then, search for it into my servlet ( the destination ). Is it clear?
What do you mean "avoid a direct http request"? What is your purpose here? I'm afraid it isn't very clear.
Jake
Regards, Euclides.
-----Mensagem original----- De: Jacob Kjome [mailto:[EMAIL PROTECTED] Enviada em: terca-feira, 3 de junho de 2003 12:19 Para: Tomcat Users List Assunto: Re: Best Practice: choose between SessionCookie or just Session
I think you are mixing concepts together. The session cookie simply provides an id that uniquely points to a session. This can also be replaced using URL rewriting of the session id. You don't directly manipulate the session id. This is handled by the container. You just grab a session and start adding stuff to it and reading stuff from it.
If you are talking about a "remember me" feature, you could place a cookie on the client which is completely and utterly separate from the session cookie which stores some information about how to automatically re-log in without user intervention.
I think the latter is what you are looking for.
Jake
At 11:48 AM 6/3/2003 -0300, you wrote: >Hi , friends. This is a important best practice question for me. My project >has a web form which is showed and filled ( by the user) after an external >authentication process. The question is: should i generate a session Cookie >that will be recovered by my following servlet or just generate any session >parameter ( which will be recovered later too ), since i guess i only need >to control the whole internal process. >Thanks in advance, >Euclides. > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
