Solved

Allocate new session after login authentication.(j2ee)

Posted on 2006-07-07
9
295 Views
Last Modified: 2013-11-24
how do i issue a new session tracking cookie after user successfully authenticates to the application.
0
Comment
Question by:sunilramu
  • 2
  • 2
  • 2
  • +1
9 Comments
 
LVL 13

Expert Comment

by:Webstorm
ID: 17060445
0
 

Author Comment

by:sunilramu
ID: 17061550
let me rephrase the question, can we change the jsessionid after authentication.
0
 
LVL 92

Accepted Solution

by:
objects earned 250 total points
ID: 17062884
invalidate the session and create a new one
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 10

Assisted Solution

by:mukundha_expert
mukundha_expert earned 250 total points
ID: 17064143
how r u tracking session??
by cookie or HTTPSession

if HttpSession then you can invalidate and create a new one
or use this page directive to stop creating the default session object '<%@ page session = “false” %>'

after authenticating create a new session.

if you are using cookies , then ceate a cookie after authenticatoin and add it to the response
0
 

Author Comment

by:sunilramu
ID: 17065144
i was able to allocate a new session with your help, is there anyway to make this secure ( a secure session)
0
 
LVL 92

Expert Comment

by:objects
ID: 17066519
what do u consider to be a secure session?
0
 
LVL 10

Expert Comment

by:mukundha_expert
ID: 17070582
you can ensure the session secure by many ways like .. disabling the back option ( going back to previous page ) etc..

if the user logs out and tries to comeback to the previous page.. it should divert him to the login page,
like this there are many issues regarding secure session but these things you have to take care of using your code.. the Httpsession will not handle such scenorios
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
topping2 challenge 13 83
Non-recursive backtracking, using a stack 1 103
mockito example issue 8 64
servlet web applications   metadata-complete="true" or false 3 6
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now