User induced session stomping?
Kevin P. Foote
kpfoote at iup.edu
Tue Aug 28 14:20:44 EDT 2012
After looking over what Scott does (much more elegant) and what I do currently
I'll be updating some things locally :-)
Scott mentioned earlier in this thread that he did not want to 'fence' the
users off. I looked back at my jsp routing of things and this seems what I
am doing, although I don't leave them stranded in a UI sense.
One good thing though, by using my jsp stop fence method I am able to see the
differences via logs between the user inflicted session stomping vs. the
generic back-button, bookmark, etc. 'no login context' errors.
Just another note I did discover that a lot of my errors, similar to
OP, this startup are deriving from mobile agents.. so perhaps Lukas has
something with his startup of saved tabs explanation.
------
thanks
kevin.foote
On Tue, 28 Aug 2012, Cantor, Scott wrote:
-> On 8/28/12 11:24 AM, "Christopher Bongaarts" <cab at umn.edu> wrote:
-> >
-> >Is there a reason you put your bean definition into a separate file
-> >instead of adding it to internal.xml?
->
-> I don't want to have to manually apply updates to that file if it changes.
->
-> >Does your example template use any functionality that would not be
-> >available via a standard JSP (i.e. could one port the template to JSP
-> >instead of using the Velocity Engine)?
->
-> Probably, but I don't know.
->
-> -- Scott
->
-> --
-> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
->
More information about the users
mailing list