httpsession

What is the scope of an HTTP session?

萝らか妹 提交于 2019-12-18 10:42:32
问题 What exactly is the scope of an HTTP session? I've been googling this but can't seem to get a straight answer- A session is supposed to get cleared out "when a user closes their browser", but that's unclear to me- Does that mean closing the browser window, or quitting the browser application? Does a user with two browser windows open at the same time maintain two different sessions? And are browser tabs always part if the same session? 回答1: This will depend on how you are tracking sessions in

Session ID re-used after call to invalidate

强颜欢笑 提交于 2019-12-18 03:43:36
问题 I've inherited a pretty ancient JSP application (JDK 1.3.1_15) and am attempting to plug a session fixation hole. I'm successfully invalidating the current session after authentication using HttpSession.invalidate() however when the new session is created, the old session ID is re-used. <% // login.jsp if (authenticated) { request.getSession().invalidate(); // create new session and store data HttpSession session = request.getSession(); session.putValue(...); // etc response.sendRedirect(

Can OWIN middleware use the http session?

空扰寡人 提交于 2019-12-18 02:00:51
问题 I had a little bit of code that I was duplicating for ASP.NET and SignalR and I decided to rewrite it as OWIN middleware to remove this duplication. Once I was running it I noticed that HttpContext.Current.Session was null, and I didn't see any session object on the IOwinContext that my middleware has. Is it possible to access the http session from OWIN? 回答1: Yes, but it's quite a hack. It also won't work with SignalR because SignalR MUST run before session is acquired to prevent long session

Httpsession management in springMVC

核能气质少年 提交于 2019-12-17 23:12:53
问题 I am new to spring MVC and started to make a sample application by doing what I learned. I am planning to implement Session management in spring MVC. I found this one helpful. But I am not able to get it clearly. We add values to the session like HttpSession session = request.getSession(false); session.setAttribute("key", value); session.setAttribute("key1", value1); and later on we fetch values based on the keys like session.getAttrubute("key"); but in spring MVC, I could not see anything

How can I manually load a Java session using a JSESSIONID?

╄→尐↘猪︶ㄣ 提交于 2019-12-17 15:27:44
问题 I have a servlet which handles a multipart form post. The post is actually being made by a Flash file upload component embedded in the page. In some browsers, the Flash-generated POST doesn't include the JSESSIONID which is making it impossible for me to load certain information from the session during the post. The flash upload component does include cookie and session information within a special form field. Using this form field, I can actually retrieve the JSESSIONID value. The problem is

Spring 3 MVC accessing HttpRequest from controller

拜拜、爱过 提交于 2019-12-17 02:34:44
问题 I would like to handle request and session attributes myself rather then leave it to spring @SessionAttributes , for login of cookies handling for example. I just cant figure out how could I access the HttpRequest from within a controller, I need a way to go a layer above the @RequestAttribute and access the HttpRequest itself. With Stripes in used to do this by implementing an ApplicationContext and calling getAttribute() . Also, passing the HttpServletRequest as parameter seems not to be

Disable HTTPSession for stateless web services [duplicate]

丶灬走出姿态 提交于 2019-12-13 09:37:35
问题 This question already has answers here : Can I turn off the HttpSession in web.xml? (9 answers) Closed 3 years ago . I would like to know if it is possible to disable the HTTPSession for an application server handling only web services RESTful . I don't know if there are specific application servers or servlet containers designed to handle micro RESTful web services. I think that disabling completely the session concept will give the following advantages: Better performances No risk to save

Servlet JApplet: HttpSession

穿精又带淫゛_ 提交于 2019-12-13 07:30:12
问题 This sounds like a simple question but I can't find good information. I'm writing a small JApplet that will be sending some info to a server servlet I want to be able to track who is who so I want to put up a system of logging and and session. I found some information about httpsession but I can never find one information: Do I have to create a session object in my applet or is there an automatic system that creates the httpsession when I do something like this on the applet side

What method to use for logout in wicket application?

纵然是瞬间 提交于 2019-12-12 13:13:55
问题 Wicket org.apache.wicket.authroles.authentication.AuthenticatedWebSession has 2 methods: signOut and invalidate . The javac says that signOut mark use not logged in while invalidate do the same (e.g. call signOut ) but remove the logon data from where ever they have been persisted At first glace for logout action signOut should be called. But for security reasons session must be invalidated immediately after user logins or logouts. So from this point invalidate should be called. So what to

Websocket chat message does not prolong HttpSession

醉酒当歌 提交于 2019-12-12 03:52:59
问题 I have Java Spring Application, that has Chat endpoint served though WebSocket. User logs in using API calls and session has timeout 10 mins. In order to start Chat I have to connect to WebSocket endpoint. It does connect, no problem, but the thing is that: each chat message sent from client does not prolong logged in HttpSession, so after 10 mins it times out. How can I make chat message via WebSocket connecting to prolong HttpSession? Other words saying: how can I reset HttpSession timeout