Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security issue

 
sreenath reddy
Ranch Hand
Posts: 415
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I have a problem in handling the security issue while logging in.see once a user logs in from a browser a new session will be created but how to prevent the user from opening up a new browser and again he logs in.
I should not allow the user to do that .can any one help me out in this regard .i am new to this servlets/jsp .i heard that it can be done using cookies is it true and if yes can any one send me the sample code r can u guide me how to this??
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Generally this is not done, you just accept the fact that the user may be logged in multiple times and deal with it. In a way it helps, since it forces you to write thread safe code.
One solution that may work is to change the in-memory session cookie into a persistence (file based) cookie. To do this, buy Marty Hall's new book (or you can modify the cookie so that it doesn't expire).
You may however be causing other security problems since the session id can now be picked up off the file system and doesn't disappear when the browser is closed.
I still prefer the solution where you live with and allow users to open multiple browsers in a controlled environment.
Dave
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic