At what point should I change the way Struts acquires the session token?

Posted by Hanno Fietz on Stack Overflow See other posts from Stack Overflow or by Hanno Fietz
Published on 2010-01-29T10:41:29Z Indexed on 2010/04/08 20:23 UTC
Read the original article Hit count: 259

Filed under:

struts

|

session

|

interceptor

It seems I have to find a different way to transmit the session token from a Flex client to a Struts backend without using cookies.

If I were to put the session token in the payload of a request, at what point would I have to customize Struts' behaviour so that I can reuse as much of the existing session handling as possible? In particular, I don't want to reimplement whatever security measures (such as tying a token to an IP) and configuration parameters (such as session expiration interval).

There's a CreateSession interceptor, rather early in the default stack, should I swap that with a subclassed version?

© Stack Overflow or respective owner

Related posts about struts

Struts 1 - struts-taglib.jar is not being found by the web application

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using Struts-1. I have developed a struts-based web application. I am using struts tags in my JSP pages supplied in struts-taglib.jar by inserting the following lines in the JSP file: <%@ taglib prefix="html" uri="http://struts.apache.org/tags-html" %> <%@ taglib prefix="logic" uri="http://struts… >>> More
Struts 1 - struts-taglib.jar is not being found by my web application

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using Struts-1. I have developed a struts-based web application. I am using struts tags in my JSP pages supplied in struts-taglib.jar by inserting the following lines in the JSP file: <%@ taglib prefix="html" uri="http://struts.apache.org/tags-html" %> <%@ taglib prefix="logic" uri="http://struts… >>> More
Struts or Spring MVC or Struts & Spring?

as seen on Stack Overflow - Search for 'Stack Overflow'
I need some information to understand design decision: Is Struts a better choice than Spring MVC? I hear about Strus-Spring-Hibernae combo - Is struts used at MVC layer because its a matured framework than when compared to Spring MVC? Any one used this combination for projects or aware of issues? >>> More
struts.xml and struts-config.xml

as seen on Stack Overflow - Search for 'Stack Overflow'
What is the difference between struts.xml and struts-config.xml....is both are same or is there any difference >>> More
Implementing Struts 2 Interceptors using Struts 1

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I have a legacy application written with Struts 1. The only feature I was asked to add is to protect some actions. Currently any user can do whatever he/she wants. The idea is to allows all user see the data, but block modification operation, i.e. to modify data a user should log in. I… >>> More

Related posts about session

any clue in these logs why keyboard audio and internet are messed up

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Jun 7 00:01:18 Isis lightdm: pam_unix(lightdm-autologin:session): session opened for user mimi by (uid=0) Jun 7 00:01:18 Isis lightdm: pam_ck_connector(lightdm-autologin:session): nox11 mode, ignoring PAM_TTY :0 Jun 7 00:01:26 Isis polkitd(authority=local): Registered Authentication Agent for… >>> More
session variables lost between pages or use same variables

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Yesterday I learn many thing from you, especially from Marc and my problem was solved ( session variables lost between pages or use same variables ). But now I continue asking: I don't want to use Session ID(session.use_trans_sid = 1) between pages. But also I don't want to use same session… >>> More
WTSQuerySessionInformation returning empty strings

as seen on Stack Overflow - Search for 'Stack Overflow'
I've written a program which should query the Terminal Services API and print out some state information about the sessions running on a terminal services box. I'm using the WTSQuerySessionInformation function to do this and it's returning some data but most of the data seems to be missing... Does… >>> More
Can I set Session timeout for a specified Session variable differently than other Session Variables

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to set the timeout on a specific Session Variable in a .Net web application, but leave other Session variables alone. Is this possible? Example: I have 5 Session Variables Session(var1) Session(var2) Session(var3) Session(var4) Session(var5) I want to set it so that Session(var1) through… >>> More
PHP upgrade to 5.3 from 5.2, sessions no longer get stored

as seen on Server Fault - Search for 'Server Fault'
background link: http://stackoverflow.com/questions/7014945/php-upgrade-5-2-to-5-3-session-issue I have upgraded PHP on my 2008 std server from PHP 5.2 to PHP 5.3. Following the upgrade, sessions no longer work correctly. I have copied over the settings from my PHP.ini files which are applicable… >>> More