You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Steve Conover <sc...@groundswell.net> on 2000/09/15 18:03:31 UTC
integrating XSP apps in an environment with other languages (ASP,
JSP)
I'm in a situation where we have a ton of stuff in ASP (sessions, logon,
etc) and I had to figure out a way to get my XSP app to seamlessly work with
the asp stuff. I think I have a good method...
I made an extra field in our user table to hold a long string, then I
modified out ASP login script grab the ASP sessionid from the HTTP_COOKIE
header and put it in the sessionid field in the logging-in user's row in the
database. I modified the logout script to go thru and erase the sessionID
from HTTP_COOKIE from anywhere it finds it in the database (hopefully only
in that user's row).
So at the top of each of my XSP files, I grab the asp sessionid from
HTTP_COOKIE, lookup the user with that sessionid in the database, and set a
variable in the java session to that userid. I think it's a pretty secure
method, the only restriction being that you can't log in as the same user on
two different machines and use the app at the same time (no big deal).
Just thought I'd share.
Regards,
Steve
> -----Original Message-----
> From: OD [mailto:od@feersumendjinns.com]
> Sent: Friday, September 15, 2000 7:53 AM
> To: cocoon-users@xml.apache.org
> Subject: Re: Off topic but imho important
>
>
> Hi,
>
> Hmm...
> Using session tracking via a sessionid will work and, I
> think, is a fairly
> standard way of achieving this.
> If you want to use JavaScript to encrypt you parameter values check:
> http://pajhome.org.uk/crypt/index.html
> http://www.builder.com/Programming/Scripter/013100/ss02.html
>
> Corey O'Donovan
>
> ----- Original Message -----
> From: Michael Bierenfeld <mi...@atmiralis.de>
> To: Cocoon User Mailing List <co...@xml.apache.org>
> Sent: Friday, September 15, 2000 2:05 PM
> Subject: Off topic but imho important
>
>
> > Hello out there,
> >
> > I am having the following Problem. We are
> > currently developing a website where security is
> > very important. Guess the following situation.
> >
> > XML - content :
> >
> > <link
> > target="http://www.some.site/display_user.xml?id=110">display</link>
> >
> > transferred to HTML-content
> >
> > <a
> > href="http://www.some.site/display_user.xml?id=110">display</a>
> >
> > The problem is that if the Browser display the
> > Page coming from Database. No one protects the
> > application from typing in the LOCATION-BAR :
> > http://www.some.site/display_user.xml?id=4711
> >
> > => user 110 is able to see the vital data from
> > user 4711. <= IMPOSSIBLE !!!!!
> >
> > Is there a way to hide the parameters in the
> > location bar. JavaScript is fine or maybe there is
> > a apache-setting. In the response Header or so. I
> > could imagine several ways :
> >
> > - Using a sessionid and store the values in some
> > sort of HashTable
> > - Crypt the parametersvalues and send it together
> > with a funny hashcode to avoid hits by accident
> >
> > Sorry for beeing OT.
> >
> > Kind regards
> >
> > Michael
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> > For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>