*
The moose likes Struts and the fly likes Session problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Session problem " Watch "Session problem " New topic
Author

Session problem

V Bunny
Greenhorn

Joined: Dec 31, 2007
Posts: 20
Hi all,
I have my struts application where i store the user information in the session in the coreaction (extends action)as soon as they login and in the other parts of my application i check weather the employee detail is present in session and then only i let user to access the page. now my problem is people can able to hack my application like they save my login page as webpage and submit the username and password in the form and in another webpage they pass the url of my intime page where the session is maintained . how to come across this problem
Srinivasan thoyyeti
Ranch Hand

Joined: Feb 15, 2007
Posts: 557
First of all, session has nothing to do with broswer window.

1. closing the browser need not be end of session.
2. re-opening another instance of parent window and working with that instance is also possible.

So it is possible that an user sends multiple requests (through multiple browsers)in the same session, So here we have to get prepared(allowing single request to process crutial code) for avioding "Data sharing problems".
[ May 16, 2008: Message edited by: Srinivasan thoyyeti ]

Thanks & Regards, T.Srinivasan
SCWCD 1.4(89%), SCJP 5.0(75%)
Prasad Tamirisa
Ranch Hand

Joined: Mar 26, 2007
Posts: 130
Bunny,

Please be elaborate in explaining your problem. I couldn't understand it..


Regards,
Durga Prasad
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
v bunny,

Please check your private messages for a message regarding an important administrative matter.


Merrill
Consultant, Sima Solutions
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session problem
 
Similar Threads
escaping an iframe
escaping an iframe
Problem with HttpSession in Struts2
session management for logout
How can i use Session in login page