getAllSessions (was licensing and security)

[Michael Wechner <mi...@wyona.org>]

Nathaniel Alfred wrote:

>>-----Original Message-----
>>From: Antonio Gallardo [mailto:agallardo@agsoftware.dnsalias.com
>>

<snip/>

>>    
>>
>
>Therefore, you should sell your customer at least the compromise, that
>the second login succeeds but dumps the first login.
>
>To implement that one only needs to loop over all existing sessions and
>expire immediately those with the same credentials.  (I have currently
>no idea, where this could be done.)
>
Well, good question. I think there used to be quite useful methods 
within the old servlet API, but
they all got deprecated.

But maybe this helps:

http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_20334258.html#1

Michael

>
>Cheers, Alfred.
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company. 
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
>For additional commands, email: cocoon-dev-help@xml.apache.org
>
>  
>



---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org

Re: getAllSessions (was licensing and security)

[Antonio Gallardo <ag...@agsoftware.dnsalias.com>]

Michael Wechner dijo:
> Nathaniel Alfred wrote:
>
>>>-----Original Message-----
>>>From: Antonio Gallardo [mailto:agallardo@agsoftware.dnsalias.com
>>>
>
> <snip/>
>
>>>
>>>
>>
>>Therefore, you should sell your customer at least the compromise, that
>> the second login succeeds but dumps the first login.
>>
>>To implement that one only needs to loop over all existing sessions and
>> expire immediately those with the same credentials.  (I have currently
>> no idea, where this could be done.)
>>
> Well, good question. I think there used to be quite useful methods
> within the old servlet API, but
> they all got deprecated.
>
> But maybe this helps:
>
> http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_20334258.html#1
>
> Michael

Good point Michael. Thanks for the info. Carsten alerted about the changes
in the new servlet API. This is a waiting change that will be address. If
I remember well, Carsten told that this will be corrected until april this
year. These is one of the reasons why the <xsp-session:getxml> was not
included in 2.1. :-(. But you can download it from the patch at bugzilla.
the error of the patch is 13070. (I remember that!)

The Cocoon developers does not want to add new features until the changes
to the session and authentication framework are done.

Maybe after that we will see another approach to this. Until then we can
use the current approach - Servlet API 2.2. And be prepared for the next
release of this stuff.

Best Regards

Antonio Gallardo.
>
>>
>>Cheers, Alfred.
>>
>>This message is for the named person's use only. It may contain
>>confidential, proprietary or legally privileged information. No
>>confidentiality or privilege is waived or lost by any mistransmission.
>> If you receive this message in error, please notify the sender urgently
>> and then immediately delete the message and any copies of it from your
>> system. Please also immediately destroy any hardcopies of the message.
>> You must not, directly or indirectly, use, disclose, distribute, print,
>> or copy any part of this message if you are not the intended recipient.
>> The sender's company reserves the right to monitor all e-mail
>>communications through their networks. Any views expressed in this
>> message are those of the individual sender, except where the message
>> states otherwise and the sender is authorised to state them to be the
>> views of the sender's company.
>>
>>---------------------------------------------------------------------
>> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
>>For additional commands, email: cocoon-dev-help@xml.apache.org
>>
>>
>>
>
>
>
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org