security « Session « JSP-Servlet Q&A





1. Client side sessions    stackoverflow.com

I want the clients of several related web apps to hold their own authentication state. This improves scalability, because no session replication between cluster nodes is needed. And it makes integration ...

2. How to properly invalidate JSP session?    stackoverflow.com

So here is the problem. When a user logs out of my website, they can still hit the back button and continue using the site. To keep track of whether the ...

3. What prevents HttpSession's id from being stolen?    stackoverflow.com

The question title pretty much says it all. In the Java Servlet API, what is done to ensure that someone's session id is not stolen? For example, if I had an active ...

4. HttpSession safe    stackoverflow.com

Where is the servlet HttpSession stored? Is it safe to store sensitive information in HttpSession attributes? Can a user maliciously modify session attributes?

5. What are the common pitfalls to avoid in a jsp application in terms of security?    stackoverflow.com

I am starting to work on a fairly standard JSP application (JSP, Oracle backend). The security of the application is important. So what are the common (also uncommon) pitfalls that I should avoid ...

6. imp.- j_security_check authenticates .. but how to set session as well ..?    coderanch.com

Hi, I have a login page; this has a form with two text fields for username and password.

Upon submission, this mechanism works and checks if the username and password exist in the database and then allows the user to go on. PROBLEM: I also need to setAttribute for a session at this point, so that in the subsequent pages I know who ...

7. session object security.    coderanch.com

8. Session Security    coderanch.com

Hi All, Following is my question: A user logs into your application. Your application checks for the authentication from database. User is a valid user. Now, Application sets the userId into session for session tracking. `session.setAttribute("userId",userId);` When the user does some database transaction, the application fetches the userId from session and inserts user values in database against that userId. For example: ...

9. Security in HttpSession [Discussion]    java-forums.org

We use the HttpSession in our web applications. The most common example of using the HttpSession is the login procedure. If the user has logged in, the web application creates a new HttpSession in the system. This HttpSession has a unique id. This id will be stored in that user's browser as a cookie (there are other ways to store it). So if the user requests information again the web ...