
Is session security enough?

Mark Reyes
Ranch Hand

Joined: Jul 09, 2007
Posts: 426
For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves

Hi Bear and Peter, I don't mean to hijack this thread, but I have exactly the same case as what Peter wants to do. In my case, I already set up a filter to trap all incoming HTTP requests.
Check for a principal in the session and set the Authorization scheme on the session (User is Admin/Guest/etc.).

I can't help but think that this is a good security scheme. My question is, is putting the user authorization/authentication scheme on the session considered 'secure-enough?' and there's no way of others being able to check its value since the session runs on the server side? Thanks

Sean Clark ---> I love this place!!!
Me ------> I definitely love this place!!!
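
The filter arrangement described in the post above, as an added example that is not part of the original thread or any poster's code. The attribute names `principal` and `role`, the `requiredRole` init parameter and the `/login` path are assumptions chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical names). Map this filter in web.xml only to the
// protected URL patterns (not to /login itself), e.g. one instance on
// /admin/* with init-param requiredRole=Admin, so the container does the
// path matching instead of string checks in this code.
public class SessionAuthFilter implements Filter {
    static final String PRINCIPAL_ATTR = "principal"; // set by the login servlet
    static final String ROLE_ATTR = "role";           // e.g. "Admin" or "Guest"
    private String requiredRole;                      // null = any logged-in user

    public void init(FilterConfig config) {
        requiredRole = config.getInitParameter("requiredRole");
    }

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): look up an existing session only, so anonymous
        // requests do not cause a new session to be created.
        HttpSession session = request.getSession(false);
        Object principal = (session == null) ? null : session.getAttribute(PRINCIPAL_ATTR);
        if (principal == null) {
            response.sendRedirect(request.getContextPath() + "/login");
            return;
        }

        // The role comes only from the session attributes the container keeps
        // on the server, never from a parameter, header or cookie value that
        // the client sends with the request.
        Object role = session.getAttribute(ROLE_ATTR);
        if (requiredRole != null && !requiredRole.equals(role)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The browser holds only the session ID cookie, so this check is as strong as the protection of that ID: it should travel over HTTPS only and be replaced at login.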
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63342

Split off this thread hijack into its own topic. Please start new topics for your own questions.

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]