PaulDotCom mailing list archives
Re: Session management
From: k41zen Me <k41zen () me com>
Date: Wed, 03 Nov 2010 18:51:08 +0000
So the only cookie (JESSIONID) sent is by Firefox right from the very first GET request and this never changes. Could it be using this one? I would expect a new cookie after auth but there isn't one. The server doesn't send anything. I've read a bit around the JESSIONID cookie and how it differs from IE to Firefox and tabbed pages. If it is using this how are they generated? How unique are they? On 3 Nov 2010, at 14:21, Jim Halfpenny wrote:
IP authentication is one possible method I've seen in some VOIP devices. Once you send your credentials all requests from your IP are authorised as that user. It could also be taking an existing cookie set when you first visit and reusing this as your authentication token. Are there any other cookies set by this server? Jim On 2 November 2010 21:09, k41zen Me <k41zen () me com> wrote:I'm struggling to see any session management taking place between the browser (Firefox) and a Tomcat app. The server returns no "Set-Cookie" header, there's no session info contained within the URL, the browser isn't sending auth with each request and I can't see any data within the requests that could be providing session info. Is there some other way this could be provided? _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Session management k41zen Me (Nov 03)
- Re: Session management Jim Halfpenny (Nov 03)
- Re: Session management k41zen Me (Nov 03)
- Re: Session management Jim Halfpenny (Nov 04)
- Re: Session management David Porcello (Nov 04)
- Re: Session management k41zen Me (Nov 05)
- Re: Session management Jim Halfpenny (Nov 05)
- Re: Session management Butturini, Russell (Nov 05)
- Re: Session management k41zen Me (Nov 03)
- Re: Session management Jim Halfpenny (Nov 03)