java - Client side sessions -

-

I want customers of many related web applications to have their own authentication status. This improves scalability, since no session replication is required between cluster nodes. And it makes it easy to integrate various server technologies like Java servers and PHP.

My plan is as follows:

  1. Set up a signed and encrypted cookie with the user name and session end time after client authentication.
  2. The client sends a request, the cookie cookie values ​​the values ​​and validates or denies access based on the cookie values.
  3. The expiry of the session will be updated through resetting cookies.

All servers that want to use the session are only to know the cookie mechanism and decryption keys. Also see:

Is this approach okay? Would it be possible to integrate it into a servlet container / application server, so that it is transparent for applications? A servlet should be able to use HttpServletRequest #getRemoteUser () for example. Is this possible? Or do I need something like spring security than the container level? Are there any existing libraries for client side management sessions?

It is not a good idea to end the session and point to the client fully pointing to the username The only dangerous IMO is not encrypted, or even if the concept is technically safe in itself (I can not answer in depth, I am not an encryption expert), by obtaining your encryption key, your server Easy to break-in without compromising Can be made.

Anyone holding a key can generate session cookies at that time, for any user at any time , for a period of time The classical session is designed to prevent the concept

For this problem, there are better and scalable solutions. For example, why not set a central session verification example that all affiliate servers and services are selected Could? Look around the web, I'm 100% sure that there are solutions designed to meet your needs.


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more