Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux

2010-08-25 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yawar, On 8/21/2010 12:42 AM, Yawar Khan wrote: > chris, i had a look at container managed authentication and its quite handy. > but > i couldnt see how i can add extra functionality like calling an encryption > function on password text field befo

Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux

2010-08-21 Thread Pid
-Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, August 20, 2010 3:41 AM > To: Tomcat Users List > Subject: Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux > > Yawar, > > On 8/19/2010 3:27 PM, Yawar Saeed Khan/ITG/Kara

RE: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux

2010-08-20 Thread Yawar Khan
, 2010 3:41 AM To: Tomcat Users List Subject: Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux   -BEGIN PGP SIGNED MESSAGE- Hash: SHA1   Yawar,   On 8/19/2010 3:27 PM, Yawar Saeed Khan/ITG/Karachi wrote: > your comments on my current code tells me that this code is not bad, > but I

Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux

2010-08-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yawar, On 8/19/2010 3:27 PM, Yawar Saeed Khan/ITG/Karachi wrote: > your comments on my current code tells me that this code is not bad, > but I should check out tomcat's container managed logins... right? This code seems to be doing more work than ne

Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux

2010-08-19 Thread Mark Eggers
/mde/ - Original Message From: Yawar Saeed Khan/ITG/Karachi To: Tomcat Users List Sent: Thu, August 19, 2010 12:27:08 PM Subject: RE: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux thanks for your constructive comments, as I mentioned that "bad, bad, bad" code is out. n

RE: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux

2010-08-19 Thread Yawar Saeed Khan/ITG/Karachi
mention that I have client side form validations (js) to stop query busters. From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thu 19-Aug-10 11:01 PM To: Tomcat Users List Subject: Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux -B

Re: [OT] Sessions mix-up on Tomcat 6.0.26 on Linux

2010-08-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yawar, I'm marking this as off-topic for /your/ request. I just have some comments for you. Take them or leave them. On 8/19/2010 11:53 AM, Yawar Saeed Khan/ITG/Karachi wrote: > Ok, let me share my source code with you... > > my index.jsp page has a

RE: OT: Sessions

2007-07-03 Thread Propes, Barry L
Users List Subject: Re: OT: Sessions -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vasu, [EMAIL PROTECTED] wrote: > The application has pretty decent authentication mechanism that > differentiates between users, roles and permissions etc. What the > application need to maintain

Re: OT: Sessions

2007-06-28 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vasu, [EMAIL PROTECTED] wrote: > The application has pretty decent authentication mechanism that > differentiates between users, roles and permissions etc. What the > application need to maintain is user object information specifically > - name, ro

Re: OT: Sessions

2007-06-28 Thread David Smith
The problem is you are allowing two users to login to what tomcat sees as the same browser window. When you do Ctrl-N from IE or just anything method of creating a new window from Firefox, it's on the same process and has access to all the same cookies as the first one. To handle the issue pr

Re: OT: Sessions

2007-06-27 Thread 吴熊敏
the same browser (in FireFox) and Ctrl-N from IE?? That means that you are using the same session So you can't avoid overwriting the last session,i think. You can open a new browser window to avoid overwriting session. On Wed, 27 Jun 2007 5:31:19 -0700 <[EMAIL PROTECTED]> wrote: > Hi: >

Re: OT: Sessions

2007-06-27 Thread vnug
Hi: Thanks David, Chris and Martin for the responses. I appreciate them. May be I didn't explain the situation properly in my posting. I will try to explain better - The application has pretty decent authentication mechanism that differentiates between users, roles and permissions etc. What t

Re: OT: Sessions

2007-06-27 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vasu, [EMAIL PROTECTED] wrote: > Since we are using Session Attributes to keep track of User > Information - this gets mangled when we try to login to application > from the same browser (in FireFox) and Ctrl-N from IE (in other words > the person who

Re: OT: Sessions

2007-06-27 Thread David Smith
One possibility is to check for a pre-existing open login on login. If one is detected, return an error something to the effect of "please log off first". Offer a log-off button/link that invalidates the session and returns the user to a welcome page. Maintaining both logins is trickier and

OT: Sessions

2007-06-27 Thread vnug
Hi: We have an Enterprise application that uses sessions to keep track of User Information (name, role, dept). This information is used against the user when logging out, checking credentials and displaying user information. Since we are using Session Attributes to keep track of User Informatio