Well, I'm trying... the great thing about mailing lists is now I have this
wonderful place to preserve my ignorance for years to come.. fantastic :)

Well... let me try and express where I am at now... There is this concept of
a cookie on the client side which contains some name/value pair... these
cookies are by default around for the lifetime of a browser window (session)
and are only available to that one window... any number of seconds can be
assigned to the life of the cookie, at which time they become "persistent"
and are available to all browser windows on the client machine...

On the server side there is a concept of a session... this session is
defined by credentials supplied in the form of a JSESSIONID, which is
created by the container and stored in a session cookie (or the URL) on the
client... Problems arise when one has an application that can span multiple
windows, as session cookies are only visible to the window in which they
were created.

If the container were to use persistent cookies to track the client's session
instead of the in-memory session cookies, one would think multiple browser
windows could participate in the same session...

Is there some inherent problem with using persistent cookies for tracking a
user session? I must be missing something, but I'm not sure what....


----- Original Message -----
From: "Gareth Coltman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 05, 2001 4:25 AM
Subject: RE: security


> Hmm, you need to do more research into what cookies are and the difference
> between session tracking using soft cookies and persistent cookies on the
> client. Your posts confuse these two things.
>
> But to help you out:
>
>    data.getCookies().setCookiePath(new DynamicURI(data));
>
>    //Default 5 years if nothing specified
>    int iCookieLife = TurbineResources.getInt("cookie.lifetime", 155520000);
>    data.getCookies().set(user.getUserName(), iCookieLife);
>
>
>
> > -----Original Message-----
> > From: Dan Bachelder [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 05, 2001 02:54
> > To: [EMAIL PROTECTED]
> > Subject: Re: security
> >
> >
> > Boy... it looks like servlets only support session cookies...
> > strange..
> >
> > I guess I need to use that URL encoding thing... is that a server.xml
> > setting?
> >
> >
> > ----- Original Message -----
> > From: "Dan Bachelder" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, September 04, 2001 9:28 PM
> > Subject: Re: security
> >
> >
> > > Is there a way to use persistent cookies instead of session cookies? I've
> > > been playing with RunData and DefaultCookieParser but they don't seem to do
> > > the trick... I would like to check for a persistent cookie in my login action
> > > and if it doesn't exist or is expired ask the user to log in... and in my
> > > TemplateSessionValidator I want to also check said cookie... I don't see
> > > any way to mess with the expire date or type of cookie in the classes I have
> > > played with so far.. any pointers?
> > >
> > > >
> > > > You do not have to do it manually, if you shut off session cookies in
> > > > the container, turbine (using the container) will automatically switch
> > > > to url rewriting.  So $link will work transparently.
> > > >
> > > > john mcnally

>
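
The check asked about in the earliest message of this thread (look for a persistent cookie in the login action and ask for a login if it is missing or expired), as an added example that is not code from any participant or from Turbine. The class name `RememberMeToken`, the `user|expiry|mac` value layout and the demo key are assumptions; the value is HMAC-signed and carries its own expiry so the server, not the browser's cookie lifetime, decides whether it is still valid.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper, not part of Turbine or the servlet API.
public class RememberMeToken {
    private final byte[] key; // server-side secret, never sent to the client

    public RememberMeToken(byte[] key) { this.key = key.clone(); }

    // Cookie value: user|expiryEpochSeconds|base64url(HMAC-SHA256(user|expiry))
    public String issue(String user, long nowSec, int lifetimeSec) throws Exception {
        String payload = user + "|" + (nowSec + lifetimeSec);
        return payload + "|" + sign(payload);
    }

    // Returns the user name if the value is authentic and unexpired, else null
    // (null means: send the user to the login screen). A user name containing
    // '|' yields more than three fields and is rejected, which fails safe.
    public String verify(String cookieValue, long nowSec) throws Exception {
        if (cookieValue == null) return null;
        String[] p = cookieValue.split("\\|", -1);
        if (p.length != 3) return null;
        byte[] expected = sign(p[0] + "|" + p[1]).getBytes(StandardCharsets.US_ASCII);
        byte[] given = p[2].getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, given)) return null; // tampered or forged
        try {
            return Long.parseLong(p[1]) > nowSec ? p[0] : null;   // expiry enforced server-side
        } catch (NumberFormatException e) {
            return null;
        }
    }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        RememberMeToken t = new RememberMeToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = 1_000_000_000L;                                        // constructed clock value
        String c = t.issue("dan", now, 3600);
        System.out.println(t.verify(c, now + 10));                        // within lifetime
        System.out.println(t.verify(c, now + 7200));                      // past expiry
        System.out.println(t.verify(c.replace("dan", "root"), now + 10)); // user name altered
    }
}
```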

