security « Session « Java Enterprise Q&A





1. Resolving Session Fixation in JBoss    stackoverflow.com

I need to prevent Session Fixation, a particular type of session hijacking, in a Java web application running in JBoss. However, it appears that the standard idiom

2. Impact of SSO on session time out    stackoverflow.com

I need to implement SSO between a Windows domain and a J2EE web application. I've been thinking about what the impact of this would be on the web application's session timeout. We have ...

3. jersey security and session management    stackoverflow.com

Is there a way for session management or security available programmatically in the Jersey specification, e.g. like a web-application session management? Or is transaction, session, security all handled by the container on ...

4. Java secure session    stackoverflow.com

Whenever you authenticate, your application should change the session identifier it uses. This helps to prevent someone from setting up a session, copying the session identifier, and then tricking a user ...

5. Session management : How to generate Authentication token for REST service ? (Jersey)    stackoverflow.com

I am trying to implement session management in my REST service. I came to know these guidelines while surfing:

  1. Not using server side sessions - it violates the RESTful principle.
  2. Using HTTP ...

6. Implementation of a Session-ID as part of HttpSession?    stackoverflow.com

I am developing a new kind of HttpServer. I would like to support the HttpServer Java-like functionality; how does one implement such a feature? All I know is that you need to generate ...

7. Secure Coding Compliance Assessment Session state must be managed    stackoverflow.com

A new corporate policy on Secure Coding was recently put into effect. The initial audit assessment tagged me deficient for:

Session state must be managed such that a session will withstand ...

8. User authentication management with user token and session management in java web application    stackoverflow.com

I am using devise and authlogic in Rails, which provide all user management functionality with email sending, session management, and token generation. Is there any ready API available in ...

9. Session Tracking and Security Checking    coderanch.com

I am trying to answer your question although I do not quite understand the question. This is an exercise that simulates an e-commerce environment. The design of this bookstore project is: A customer must first fill out a form that asks user ID and password. The customer is also provided options to view lists of books in different categories. The customer ...





10. session object security question    coderanch.com

Hello all, I have a quick theoretical question. How secure is the session object? Say, a user logs into my website. The password is verified, and his username is placed in the session object as a parameter/attribute. Are there any potential security holes if I use that parameter to determine who this user is for the rest of the site? We ...

11. Is session security enough?    coderanch.com