Overriding JSESSIONID

Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
Hi,

How can I override the JSESSIONID created by the servers? I want my web application to maintain the session based on a session cookie created by me. Even if somebody is able to hack the jsession id created by the server, it should not be an issue with the application.

Thanks,
Neeraj.
ujjwal soni
Ranch Hand

Joined: Mar 28, 2007
Posts: 403
Hi,

I think the best idea is not to override the JSESSIONID but to implement your own session handling. Go to the O'Reilly site and do a search for pseudo-sessions for an example.

However, if you are using Tomcat, then the link below might help you out:

http://runtime32.blogspot.com/2009/04/override-tomcat-session-cookie.html


Cheers!!!
Ujjwal B Soni <baroda, gujarat, india> <+919909981973>
"Helping hands are better than praying lips......"
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12682
    
Neeraj Vij wrote: Even if somebody is able to hack the jsession id created by the server, it should not be an issue with the application.


Any session mechanism you create yourself will have the same vulnerability since the id will have to appear in a cookie or elsewhere in the request. There are better ways to be sure that you are talking to an authorized user.

Bill

Java Resources at www.wbrogden.com
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 29287
    

Neeraj Vij wrote: Even if somebody is able to hack the jsession id created by the server, it should not be an issue with the application.

Why? Is your cookie somehow more secure? If you are really worried about hackers, I hope you are using https.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
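
Added example, not part of the thread: the replies' point that any session id travels in the request, and so needs HTTPS, expressed as a `web.xml` fragment that keeps the container's JSESSIONID and restricts where it can travel. It assumes a Servlet 3.0 or later container; the resource name is a placeholder.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (assumes Servlet 3.0+). -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <session-config>
    <cookie-config>
      <!-- Send JSESSIONID only over HTTPS, never over plain HTTP. -->
      <secure>true</secure>
      <!-- Keep the cookie out of reach of page scripts. -->
      <http-only>true</http-only>
    </cookie-config>
    <!-- Cookie only: the id is never rewritten into URLs
         (no ;jsessionid=... in links, logs or Referer headers). -->
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>

  <security-constraint>
    <web-resource-collection>
      <!-- Placeholder name; the pattern covers the whole application. -->
      <web-resource-name>entire-application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <!-- The container redirects plain-HTTP requests to HTTPS. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

</web-app>
```

A custom session cookie would need the same settings, which is why replacing JSESSIONID by itself does not change the exposure.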
 