From: "Angelo Immediata" <[EMAIL PROTECTED]>
Date: Wed, 26 Oct 2005 18:17:25 +0200

Hi all. Is it possible with Cocoon to check if a session id is still alive?
I must interact with another application; I pass to this application the current user's session id; after some time the flow comes back to my application and, by using a web service, it passes to me the session id; I must check if this session id is still alive... is this possible? If so... how can I do it?

With difficulty, I believe. I was looking into this earlier today with a colleague - at one time there was a HttpSessionContext class with methods getIds() and getSession(java.lang.String sessionId), which sounds like just the job. However, it was deprecated in servlet 2.1 with no replacement (as a security precaution, I guess, to prevent e.g. a hacker uploading a JSP that lists the currently valid session IDs that might be hijacked). The best alternative we've come up with so far is to write a HttpSessionListener (servlet 2.3+) that maintains a Set of current IDs (added in sessionCreated and removed by sessionDestroyed). Store the Set instance in some singleton class (being careful of thread safety, of course), and a servlet (or web service in your case) could check it for any given ID.

Moreover... I also have the id of the user that used the other application, and I must recover all his data from the session... can I search in some way among all the session tokens for the token I want?
Thanks to all.

Again, this doesn't seem to be encouraged for security reasons. The above approach would still work if you use a Map rather than a Set, with the session ID as key and a javabean of the info you're interested in as the value.

I'll leave it to you to figure out how you integrate any of this with your Cocoon-based stuff...


Andrew.
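
A sketch of the listener-plus-registry approach described in the reply above, added here as an example and not code from the thread or from Cocoon. The class name `SessionRegistry` and its methods are hypothetical; it assumes Servlet 3.1+ (for `HttpSessionIdListener`) and keeps the session reference as the Map value instead of a separate javabean.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionIdListener;
import javax.servlet.http.HttpSessionListener;

/** Hypothetical registry of live sessions; register it as a <listener> in web.xml. */
public class SessionRegistry implements HttpSessionListener, HttpSessionIdListener {

    // Session ID -> session. ConcurrentHashMap makes the shared map thread-safe.
    private static final Map<String, HttpSession> LIVE = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        LIVE.put(session.getId(), session);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        LIVE.remove(event.getSession().getId());
    }

    // Containers may issue a new ID (for example after login); drop the old key
    // so a stale ID is never reported as alive.
    @Override
    public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) {
        LIVE.remove(oldSessionId);
        LIVE.put(event.getSession().getId(), event.getSession());
    }

    /** Answers yes/no for one ID; the set of IDs itself is never exposed. */
    public static boolean isAlive(String sessionId) {
        return sessionId != null && LIVE.containsKey(sessionId);
    }

    /** Returns one named attribute of a live session, or null if the ID is unknown. */
    public static Object attributeOf(String sessionId, String name) {
        HttpSession session = (sessionId == null) ? null : LIVE.get(sessionId);
        if (session == null) return null;
        try {
            return session.getAttribute(name);
        } catch (IllegalStateException invalidated) {
            LIVE.remove(sessionId); // invalidated between lookup and read
            return null;
        }
    }
}
```

Because a session ID acts as a bearer credential, the web service that calls `isAlive` or `attributeOf` should authenticate its caller and offer no method that lists the registered IDs.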


