• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Turns off cookies in browser - CookieSSO

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey

Jforum rocks...........

There is a possibility where the user turns off the cookies or disbales the cookies in browser. Will CookieSSO fail completely in that case? As forums are mostly Internet based webapplications, wont it be a bad idea to go with CookieSSO? What is the best solution to have SSO that too independent of containers?

Regards
Greg
[originally posted on jforum.net by gregjhonson]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It depends on your implementation. If you set it up correctly you can use session cookies (not stored). In today's Internet, it's hard to find ANY complex application that doesn't require session cookies. Try logging into any Google app, or running many J2EE webapps without them (e.g. Tomcat tracks browser to session object using them).

Granted there are ways to "rewrite" the URLs with sessionID information on them. But this is a lot of extra coding/checking. It also makes for a lot of possible "bugs" to track down when the special coding is forgotten.

You combine this with the fact that session cookies are not a spyware or other security risk since they disappear when you shut the browser down, it's not so "onerous" to require people to turn this on. (If they already haven't for other applications they run).
[originally posted on jforum.net by monroe]
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic