At what point should I change the way Struts acquires the session token?
Posted
by Hanno Fietz
on Stack Overflow
See other posts from Stack Overflow
or by Hanno Fietz
Published on 2010-01-29T10:41:29Z
Indexed on
2010/04/08
20:23 UTC
Read the original article
Hit count: 282
It seems I have to find a different way to transmit the session token from a Flex client to a Struts backend without using cookies.
If I were to put the session token in the payload of a request, at what point would I have to customize Struts' behaviour so that I can reuse as much of the existing session handling as possible? In particular, I don't want to reimplement whatever security measures (such as tying a token to an IP) and configuration parameters (such as session expiration interval).
There's a CreateSession interceptor, rather early in the default stack, should I swap that with a subclassed version?
© Stack Overflow or respective owner