Distribute jsp session web application

Discussion in 'Javascript' started by ocean2005@hotmail.it, Oct 15, 2005.

  1. Guest

    Hi everybody,
    I explain my problems:

    Question 1:

    I need to integrate 2 web applications which runs in 2 different
    machine server (JBoss) in order to navigate them inside common session,
    with some sessionID or something like that.

    So, the scenario is:

    webApp1 -----> WServer1(https)
    webApp2 -----> WServer2(http)

    When from webApp1 I call with link the webApp2, I need by some way to
    tell webApp2 that only webApp1 is authorized to go on.
    The problem is that when I switch from https to http, the "url-referer"
    being lost and webApp2 can't recognize the caller!!!

    Anybody has some suggestions on how to fix it?

    Question 2:
    How can realize a jsp/servlet page in order to avoid malicius people to
    save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
    then use it in a new window browser to navigate on site without has
    been authenticated???

    Many many thanks in advance!!!
     
    , Oct 15, 2005
    #1
    1. Advertising

  2. On Sat, 15 Oct 2005 09:23:57 -0700, ocean2005 wrote:

    > Question 2:
    > How can realize a jsp/servlet page in order to avoid malicius people to
    > save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
    > then use it in a new window browser to navigate on site without has been
    > authenticated???


    You probably want to use a ticket there.

    Sincerely,
    Joachim
     
    Joachim Zobel, Oct 15, 2005
    #2
    1. Advertising

  3. HalcyonWild Guest

    wrote:
    >
    > Question 2:
    > How can realize a jsp/servlet page in order to avoid malicius people to
    > save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
    > then use it in a new window browser to navigate on site without has
    > been authenticated???



    First of all, never, never, show the password on a URL string. Avoid
    username too. Pass them along as session attributes. your second
    question automatically gets taken care of.
     
    HalcyonWild, Oct 17, 2005
    #3
  4. Oliver Wong Guest

    "HalcyonWild" <> wrote in message
    news:...
    >
    > wrote:
    >>
    >> Question 2:
    >> How can realize a jsp/servlet page in order to avoid malicius people to
    >> save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
    >> then use it in a new window browser to navigate on site without has
    >> been authenticated???

    >
    >
    > First of all, never, never, show the password on a URL string. Avoid
    > username too. Pass them along as session attributes. your second
    > question automatically gets taken care of.


    As a general rule of thumb, you should ask yourself "Should I allow my
    users to share this link or otherwise bookmark it?" if so, then use GET
    attributes as in the example above. Otherwise, use POST or a Session object
    as Halcyon advises.

    It may occasionally make sense to allow the username to appear in the
    query string; e.g. http://mysite.com/profile.jsp?username=Oliver if you want
    to let your users give their friends a direct link to their profile.

    - Oliver
     
    Oliver Wong, Oct 17, 2005
    #4
  5. wrote:

    > [...]
    > Question 1:
    > [...]


    Java != JavaScript

    > Question 2:
    > How can realize a jsp/servlet page in order to avoid malicius people to
    > save url (http://mysite.com?orderNr=123&UserName=aaa&Password=7654) and
    > then use it in a new window browser to navigate on site without has
    > been authenticated???


    Use POST requests instead of GET. This is off-topic all crossposted
    groups but alt.websites as well.

    > Many many thanks in advance!!!


    Your Exclamation Mark key is broken.


    PointedEars, F'up2 to the only crossposted group I have subscribed
     
    Thomas 'PointedEars' Lahn, Oct 18, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    3
    Views:
    410
    Thomas 'PointedEars' Lahn
    Oct 18, 2005
  2. Replies:
    1
    Views:
    1,177
    Martin Gregorie
    Apr 2, 2006
  3. Salman
    Replies:
    6
    Views:
    451
    James Kanze
    Apr 19, 2007
  4. Replies:
    3
    Views:
    636
    Juan T. Llibre
    May 12, 2008
  5. Neil Chambers

    how to distribute application?

    Neil Chambers, Sep 25, 2008, in forum: ASP .Net
    Replies:
    2
    Views:
    435
    Neil Chambers
    Sep 25, 2008
Loading...

Share This Page