| Author |
Web Security
|
Danilo Del Fio
Greenhorn
Joined: Apr 20, 2004
Posts: 2
|
|
Hi, I have worked on a project that called for authentication on LDAP through JAAS in order to implement SSO for a web site that groups some applications in different languages (Java, PHP). The servlet that I have created authenticates the user and couples a cookie to the HTTP session. The question is this: is the adopted solution (working with the cookie) correct, running into the problems of compatibility between the various browsers and the various applications, or is it better to maintain an "application" session on the server, so that every application can ask it whether the user is qualified to execute the requested operation, even maintaining only an id in the HTTP session? Thanks. Danilo
|
 |
Nicholas Cheung
Ranch Hand
Joined: Nov 07, 2003
Posts: 4982
|
|
You need to maintain a list of each cookie together with the session id. For each request, when the cookie is being used, you may need to check whether this is a match. Nick
|
|
 |
Gadzirai Moyo
Greenhorn
Joined: Nov 27, 2003
Posts: 10
|
|
|
Use a server-side application session, for portability.
|
 |
Danilo Del Fio
Greenhorn
Joined: Apr 20, 2004
Posts: 2
|
|
Yes, Gadzirai, I think that is the better choice. Thanks a lot.
|
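The check described in the replies above (a server-side list pairing each cookie with its session id, consulted on every request) could look like the following. This is an added example, not code from any poster in the thread; the class `SsoSessionRegistry`, its method names and the sample values are hypothetical, and it assumes Java 16 or later for `record`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical server-side registry pairing each SSO cookie value with an HTTP session id. */
public class SsoSessionRegistry {
    private record Entry(String sessionId, String user, long expiresAtMillis) {}

    private final Map<String, Entry> byToken = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlMillis;

    public SsoSessionRegistry(long ttlMillis) { this.ttlMillis = ttlMillis; }

    /** Called after the JAAS/LDAP login succeeds; the return value becomes the cookie value. */
    public String register(String sessionId, String user) {
        byte[] raw = new byte[32];                 // 256 random bits: not guessable, carries no user data
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byToken.put(token, new Entry(sessionId, user, System.currentTimeMillis() + ttlMillis));
        return token;
    }

    /** Called on every request; returns the user only for a known, unexpired, matching pair. */
    public String validate(String cookieToken, String sessionId) {
        if (cookieToken == null || sessionId == null) return null;
        Entry e = byToken.get(cookieToken);
        if (e == null) return null;                // cookie value was never issued by this server
        if (System.currentTimeMillis() > e.expiresAtMillis()) {
            byToken.remove(cookieToken);           // expired entries are dropped on first use
            return null;
        }
        boolean match = MessageDigest.isEqual(     // constant-time comparison of the session ids
                e.sessionId().getBytes(StandardCharsets.UTF_8),
                sessionId.getBytes(StandardCharsets.UTF_8));
        return match ? e.user() : null;
    }

    public void logout(String cookieToken) { if (cookieToken != null) byToken.remove(cookieToken); }

    public static void main(String[] args) {
        SsoSessionRegistry reg = new SsoSessionRegistry(30 * 60 * 1000L);
        String cookie = reg.register("SESSION-A", "danilo");      // constructed sample values
        System.out.println(reg.validate(cookie, "SESSION-A"));    // cookie presented with its own session
        System.out.println(reg.validate(cookie, "SESSION-B"));    // same cookie, different session
        System.out.println(reg.validate("forged", "SESSION-A"));  // cookie value the server never issued
        reg.logout(cookie);
        System.out.println(reg.validate(cookie, "SESSION-A"));    // cookie reused after logout
    }
}
```

Because the cookie holds only a random lookup key and the user's state stays on the server, any application in the site can call the same check regardless of its language.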