Session Validation Filter

 
Ranch Hand
Posts: 42
Java
Hi,
I have a session validation filter which logs off the user when the session has expired. The application uses HTTP Basic Authentication.
Here is a piece of code.


The filter works as expected: after session time-out, if the user clicks on any link in the application, the user will be redirected to the login page, where he has to close the browser and relaunch it to log in again, since it's Basic authentication.

The problem is:
when the user is navigating the application, if on some page the user uses a cookie editor to delete the JSESSIONID and clicks on some link, the session expiry filter fails to block this action,
or at least would not prompt for re-login (I do not have any idea how to force the user to re-login without closing the browser in Basic authentication). Can someone please help with this?

Thanks

 
Ranch Hand
Posts: 312
MS IE Java
Please store a secret KEY in the session instead of in the cookie. If this key is not present, then redirect the user to the login page.
 
Manjesh Patil
Ranch Hand
Posts: 42
Java
Madhan Sundararajan, thanks for the reply, but that does not stop the problem.

1) There won't be a JSESSIONID in the browser's first request, so the server has to let the request through and create a JSESSIONID.
2) After the user logs in, if at some point of navigation he deletes the session ID and makes a request, then the server should not create a new session but prevent this and force a re-login.
In Basic authentication, how do I redirect the user to the login prompt?
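
The approach discussed in this thread, as an added example that is not code from any of the posters: a filter that keeps a key in the session and answers every request lacking it with a `401` plus `WWW-Authenticate`, which is the response that makes the browser show the Basic login prompt again. Assumptions: a Servlet 3.1+ container with BASIC configured as its login mechanism, the filter (not a `security-constraint`) guarding the URLs, and hypothetical class, attribute and realm names.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: class name, attribute names and realm are hypothetical.
public class BasicReloginFilter implements Filter {
    private static final String CHALLENGED = "relogin.challenged"; // a prompt was sent on this session
    private static final String LOGGED_IN  = "relogin.loggedIn";   // the server-side key
    private static final String REALM = "app";                     // assumed; match the container's realm

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // null if cookie is missing, deleted or expired

        // Case 1: the cookie maps to a live session that already holds the key.
        if (session != null && session.getAttribute(LOGGED_IN) != null) {
            chain.doFilter(req, res);
            return;
        }
        // Case 2: we prompted on this session and the browser is answering the prompt.
        if (session != null && session.getAttribute(CHALLENGED) != null
                && req.getHeader("Authorization") != null) {
            if (!req.authenticate(res)) {
                return; // bad credentials: the container has already written its own 401
            }
            session.removeAttribute(CHALLENGED);
            req.changeSessionId();               // fresh id after login (Servlet 3.1+)
            session.setAttribute(LOGGED_IN, Boolean.TRUE);
            chain.doFilter(req, res);
            return;
        }
        // Case 3: first visit, deleted JSESSIONID or timed-out session. Credentials the
        // browser resends on its own are not accepted; start a new session and prompt.
        if (session != null) {
            session.invalidate();
        }
        req.getSession(true).setAttribute(CHALLENGED, Boolean.TRUE);
        res.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```

If the protected URLs also carry a container `security-constraint`, the container authenticates before the filter runs and the first login is prompted twice.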

 