Sessions and Security (Sun Java System Web Server 6.1 SP12 Programmer's Guide to Web Applications)

Sun Java System Web Server 6.1 SP12 Programmer's Guide to Web Applications

Previous: Sessions and URL Rewriting
Next: How to Use Sessions

Sessions and Security

The Sun Java System Web Server security model is based on an authenticated user session. Once a session has been created, the application user is authenticated (if authentication is used) and logged in to the session. Each interaction step from the servlet that receives a request does two things: generates content for a JSP to format the output, and checks if the user is properly authenticated.

Additionally, you can specify that a session cookie is only passed on a secured connection (that is, HTTPS), so the session can only remain active on a secure channel.

For more information about security, see Chapter 6, Securing Web Applications.

Previous: Sessions and URL Rewriting
Next: How to Use Sessions