You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Anthony Smith <an...@fedex.com> on 2002/05/22 17:52:16 UTC

RunData Obect & Sessions

In JLoginUser if I add some stuff to a session do I have to add it using the
RunData object?


I am setting some stuff in a session and I used:
data.getSession().setAttribute(current_username, "username");

and it workd but I send it back to the login page do a new submit and hence
I loose the sessions variables I created, how can I keep them.

Basically I am doing something where after 3 bad login attempts for a user
they are disabled, and they are returned back to the login page telling them
that, but each time I return to the login page after less than 3 login
attempts the counter for number of bad login attempts gets lost.


Help


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: RunData Obect & Sessions

Posted by "David G. Powers" <je...@pssp.com>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 22 May 2002 08:52 am, Anthony Smith wrote:
> Basically I am doing something where after 3 bad login attempts for a
> user they are disabled, and they are returned back to the login page
> telling them that, but each time I return to the login page after less
> than 3 login attempts the counter for number of bad login attempts gets
> lost.

I realize this doesn't solve the issue with session vars but...

Have a look at JetpseedResources.properties (I'm using a recent CVS 
version).  There are some settings that may be of interest to you:

# Auto-Account-Disable Feature         
services.JetspeedSecurity.logon.auto.disable=true

# 3 logon strikes per 300 seconds and your out
services.JetspeedSecurity.logon.strike.count=3
services.JetspeedSecurity.logon.strike.interval=300
# dont allow more than 10 over any time period
services.JetspeedSecurity.logon.strike.max=10

Have you tried setting "logon.strike.max=3"?


DP

- -- 
David G. Powers
PowerSource

-----BEGIN PGP SIGNATURE-----
Comment: Verify the authenticity of this message with the public key available at http://pssp.com/dgp_pk.asc

iD8DBQE869UrjmjAPDT0/nERAj1zAJwKFiqqmQhpDt4mHo2WoqF32XWbywCeP34M
pykjhqPCPQCw6quZV64nDl0=
=z9wa
-----END PGP SIGNATURE-----

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>