Distribute jsp session web application - Weblogic

This is a discussion on Distribute jsp session web application - Weblogic ; Hi everybody, I explain my problems: Question 1: I need to integrate 2 web applications which runs in 2 different machine server (JBoss) in order to navigate them inside common session, with some sessionID or something like that. So, the ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Distribute jsp session web application

  1. Distribute jsp session web application

    Hi everybody,
    I explain my problems:

    Question 1:

    I need to integrate 2 web applications which runs in 2 different
    machine server (JBoss) in order to navigate them inside common session,
    with some sessionID or something like that.

    So, the scenario is:

    webApp1 -----> WServer1(https)
    webApp2 -----> WServer2(http)

    When from webApp1 I call with link the webApp2, I need by some way to
    tell webApp2 that only webApp1 is authorized to go on.
    The problem is that when I switch from https to http, the "url-referer"
    being lost and webApp2 can't recognize the caller!!!

    Anybody has some suggestions on how to fix it?

    Question 2:
    How can realize a jsp/servlet page in order to avoid malicius people to
    save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
    then use it in a new window browser to navigate on site without has
    been authenticated???

    Many many thanks in advance!!!


  2. Re: Distribute jsp session web application


    ocean2005@hotmail.it wrote:
    >
    > Question 2:
    > How can realize a jsp/servlet page in order to avoid malicius people to
    > save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
    > then use it in a new window browser to navigate on site without has
    > been authenticated???



    First of all, never, never, show the password on a URL string. Avoid
    username too. Pass them along as session attributes. your second
    question automatically gets taken care of.


  3. Re: Distribute jsp session web application


    "HalcyonWild" wrote in message
    news:1129543854.293125.55740@g44g2000cwa.googlegro ups.com...
    >
    > ocean2005@hotmail.it wrote:
    >>
    >> Question 2:
    >> How can realize a jsp/servlet page in order to avoid malicius people to
    >> save url (http://mysite.com?orderNr=123&UserNa...&Password=7654) and
    >> then use it in a new window browser to navigate on site without has
    >> been authenticated???

    >
    >
    > First of all, never, never, show the password on a URL string. Avoid
    > username too. Pass them along as session attributes. your second
    > question automatically gets taken care of.


    As a general rule of thumb, you should ask yourself "Should I allow my
    users to share this link or otherwise bookmark it?" if so, then use GET
    attributes as in the example above. Otherwise, use POST or a Session object
    as Halcyon advises.

    It may occasionally make sense to allow the username to appear in the
    query string; e.g. http://mysite.com/profile.jsp?username=Oliver if you want
    to let your users give their friends a direct link to their profile.

    - Oliver



+ Reply to Thread