At what point should I change the way Struts acquires the session token?

Posted by Hanno Fietz on Stack Overflow See other posts from Stack Overflow or by Hanno Fietz
Published on 2010-01-29T10:41:29Z Indexed on 2010/04/08 20:23 UTC
Read the original article Hit count: 282

Filed under:
|
|

It seems I have to find a different way to transmit the session token from a Flex client to a Struts backend without using cookies.

If I were to put the session token in the payload of a request, at what point would I have to customize Struts' behaviour so that I can reuse as much of the existing session handling as possible? In particular, I don't want to reimplement whatever security measures (such as tying a token to an IP) and configuration parameters (such as session expiration interval).

There's a CreateSession interceptor, rather early in the default stack, should I swap that with a subclassed version?

© Stack Overflow or respective owner

Related posts about struts

Related posts about session