On 5/21/07, Carlos Ortiz wrote:
Hi ,
Is there a way for dont show jsessionid in the adress bar , for my app
it may be a potential problem with security ?¡
Whether the session id shows in the URL (and therefore the address
bar) or not makes no difference at all from a security perspective.
If it is not in the URL, then it is stored in a cookie, and a
potential attacker can just look at the cookie value to see what it
and also why some time is written and some other not. ?¡
The typical pattern goes like this:

* On the first request to an application, the servlet container
does not know whether you have cookies enabled, so it sends
the session id as *both* a URL path parameter and as a cookie.

* If the session id comes back in as a cookie, then the container
will assume you have cookies enabled and will stop sending
the session id as part of the URL.

* Otherwise, it will keep using URLs so that session affinity
can be maintained.


thx for the help

Something off topic but still in java any ideas how parse a date like
this "2007-03-22T00:00:00-06:00" to a Date or Calendar obj ?¡
yyyy-MM-ddThh:mm:ss-z ? <-- that does not work

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 2 | next ›
Discussion Overview
groupusers @
postedMay 21, '07 at 2:46p
activeMay 21, '07 at 5:14p

2 users in discussion

Craig McClanahan: 1 post Carlos Ortiz: 1 post



site design / logo © 2018 Grokbase