
Is session security enough?

 
Mark Reyes
Ranch Hand
Posts: 426
For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves


Hi Bear and Peter, I don't mean to hijack this thread, but I have exactly the same case as what Peter wants to do. In my case, I already set up a filter to trap all incoming HTTP requests, check for a principal in the session, and set the authorization scheme on the session (user is Admin/Guest/etc.).

I can't help but think that this is a good security scheme. My question is: is putting the user authorization/authentication scheme on the session considered 'secure enough', and there's no way for others to check its value, since the session runs on the server side? Thanks
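
The filter described in the post above, as an added example that is not part of the original thread. The attribute names `principal` and `role`, the `/admin` prefix, the `Admin` value and the `onLogin` helper are assumptions, and the filter is assumed to be mapped only to protected URLs (not the login page).

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: attribute names, role values and the /admin prefix are assumptions.
public class AuthFilter implements Filter {

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // getSession(false): never create a session for an anonymous request.
        HttpSession session = req.getSession(false);
        Object principal = session == null ? null : session.getAttribute("principal");
        if (!(principal instanceof Principal)) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // The role is read from server-side session state, never from a
        // request parameter, header or cookie value the client could edit.
        Object role = session.getAttribute("role");
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        if (path.startsWith("/admin") && !"Admin".equals(role)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res);
    }

    // Called by the login handler after credentials are verified. Replacing
    // the session gives the user a fresh session ID, so an ID issued before
    // login cannot be reused afterwards (session fixation).
    public static void onLogin(HttpServletRequest req, Principal user, String role) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();
        HttpSession session = req.getSession(true);
        session.setAttribute("principal", user);
        session.setAttribute("role", role);
    }
}
```

The session attributes stay in server memory and the browser holds only the session ID cookie, so that cookie is what needs protecting: mark it HttpOnly and Secure and serve the application over HTTPS.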
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64964
Split off this thread hijack into its own topic. Please start new topics for your own questions.
 