It's going to be a problem with whatever method is used. Even if there is a server-side IP address record for each cookie you still have the problem of cookies stolen and used at the same location :(.

Unless you have an idea you wish to share? :).

Al.


Musachy Barroso wrote:
Be aware of cookie stealing.

musachy

On Thu, Jun 26, 2008 at 10:32 AM, Al Sutton <[EMAIL PROTECTED]> wrote:
I was thinking more along the lines of encrypting the userId and password
hash using AES, store the value in the cookie, then if the cookie is
available during another session decrypt, check everything matches, and let
them back in.

That way it avoids trying to maintain sync between the user and the server.

Al.

Lukasz Lenart wrote:
I think there isn't any solution in Struts2, so then, implement that
with cookies and save such cookie also on the server side in db, you
can also allow such thing for selected users, etc.


Regards

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
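
The server-side record that Lukasz Lenart suggests, as an added example (not code from this thread or from Struts2). The class name, the in-memory map standing in for the db table, and the "selector:validator" cookie layout are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class RememberMeTokens {
    // Stand-in for a database table: selector -> (userId, SHA-256(validator), expiry).
    private record Row(String userId, byte[] validatorHash, Instant expires) {}
    private final Map<String, Row> table = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();

    private String randomPart() {
        byte[] b = new byte[16];
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns the cookie value; it carries no user id, password or password hash. */
    public String issue(String userId, Instant expires) {
        String selector = randomPart(), validator = randomPart();
        table.put(selector, new Row(userId, sha256(validator), expires));
        return selector + ":" + validator;
    }

    /** Single use: the row is deleted on lookup, so the caller issues a fresh cookie on success. */
    public Optional<String> redeem(String cookieValue, Instant now) {
        String[] parts = cookieValue == null ? new String[0] : cookieValue.split(":", -1);
        if (parts.length != 2) return Optional.empty();
        Row row = table.remove(parts[0]);
        if (row == null || now.isAfter(row.expires())) return Optional.empty();
        // Constant-time comparison of the stored hash with the presented validator's hash.
        boolean ok = MessageDigest.isEqual(row.validatorHash(), sha256(parts[1]));
        return ok ? Optional.of(row.userId()) : Optional.empty();
    }
}
```

Single-use rotation does not stop a cookie from being copied, but a copy stops working as soon as either party redeems the token, and deleting the row revokes it from the server side.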






