• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 313
  • Last Modified:

Allocate new session after login authentication.(j2ee)

how do i issue a new session tracking cookie after user successfully authenticates to the application.
0
sunilramu
Asked:
sunilramu
  • 2
  • 2
  • 2
  • +1
2 Solutions
 
sunilramuAuthor Commented:
let me rephrase the question, can we change the jsessionid after authentication.
0
 
objectsCommented:
invalidate the session and create a new one
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
mukundha_expertCommented:
how r u tracking session??
by cookie or HTTPSession

if HttpSession then you can invalidate and create a new one
or use this page directive to stop creating the default session object '<%@ page session = “false” %>'

after authenticating create a new session.

if you are using cookies , then ceate a cookie after authenticatoin and add it to the response
0
 
sunilramuAuthor Commented:
i was able to allocate a new session with your help, is there anyway to make this secure ( a secure session)
0
 
objectsCommented:
what do u consider to be a secure session?
0
 
mukundha_expertCommented:
you can ensure the session secure by many ways like .. disabling the back option ( going back to previous page ) etc..

if the user logs out and tries to comeback to the previous page.. it should divert him to the login page,
like this there are many issues regarding secure session but these things you have to take care of using your code.. the Httpsession will not handle such scenorios
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now