It's not a secret anymore!
The moose likes Servlets and the fly likes security issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "security issue" Watch "security issue" New topic

security issue

sreenath reddy
Ranch Hand

Joined: Sep 21, 2003
Posts: 415
I have a problem in handling the security issue while logging in.see once a user logs in from a browser a new session will be created but how to prevent the user from opening up a new browser and again he logs in.
I should not allow the user to do that .can any one help me out in this regard .i am new to this servlets/jsp .i heard that it can be done using cookies is it true and if yes can any one send me the sample code r can u guide me how to this??
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Generally this is not done, you just accept the fact that the user may be logged in multiple times and deal with it. In a way it helps, since it forces you to write thread safe code.
One solution that may work is to change the in-memory session cookie into a persistence (file based) cookie. To do this, buy Marty Hall's new book (or you can modify the cookie so that it doesn't expire).
You may however be causing other security problems since the session id can now be picked up off the file system and doesn't disappear when the browser is closed.
I still prefer the solution where you live with and allow users to open multiple browsers in a controlled environment.
I agree. Here's the link:
subject: security issue
It's not a secret anymore!