If I wanted to enable users to log in and out, what would be some good patterns of doing this in a stateless application?
Also, what are the top security concerns? I am thinking of doing this in Java.
Thanks,
Alex
If you cannot store session data in the user’s browser (via a cookie), this is probably very hard to achieve.
I’m not sure what you mean by “stateless”, but if storing a session key in the user’s browser is not possible, you can always send this “key” in the HTML you produce. This “key” will be something you randomly generate (random enough that nobody can easily guess it). The “key” is only known by you and the user. Whenever the user requests a new page, he needs to “POST” or “GET” this key as an HTTP parameter if he wants to be identified as logged in.
The security concern with this is that if you do it over non-secure HTTP, the network can easily be sniffed. If you do it over SSL (HTTPS), it is probably more secure.
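The pattern the answer above describes, written out in Java since that is what the question mentions. This is an added example, not code from the original post or its author: the server generates a random key at login, remembers which user it belongs to, and every later request must carry that key as a parameter. The class name `SessionKeyStore`, the parameter name `sessionKey`, and the in-memory map standing in for the server-side store are all assumptions for illustration. As the answer notes, this only holds up over HTTPS; one further note of my own is that sending the key in a POST body rather than a GET query string keeps it out of URLs, where it would otherwise end up in logs and browser history.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example of the "random key presented on every request" pattern.
 * The server side is not literally stateless: it must remember which
 * user each key belongs to, which is what the map below does.
 */
public class SessionKeyStore {
    /** Name of the HTTP parameter the client sends the key in (assumed name). */
    public static final String PARAM = "sessionKey";

    private static final SecureRandom RNG = new SecureRandom();
    private static final int KEY_BYTES = 32; // 256 random bits: not guessable by brute force

    // key -> username. Constructed in-memory store for the example; a real
    // deployment would put this in a shared store so any server can check keys.
    private final Map<String, String> sessions = new ConcurrentHashMap<>();

    /** Log a user in: mint a fresh random key, remember its owner, hand it to the client. */
    public String login(String username) {
        byte[] raw = new byte[KEY_BYTES];
        RNG.nextBytes(raw);               // SecureRandom, never java.util.Random, for a secret
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(key, username);
        return key;
    }

    /**
     * Identify the user behind a request. The client sent the key as a GET or POST
     * parameter; here the request's parameters are modelled as a simple map.
     * Returns empty when the parameter is missing or the key is unknown.
     */
    public Optional<String> authenticate(Map<String, String> requestParams) {
        String presented = requestParams.get(PARAM);
        if (presented == null || presented.isEmpty()) {
            return Optional.empty();
        }
        return Optional.ofNullable(sessions.get(presented));
    }

    /** Log out: forget the key so it can no longer be replayed. */
    public boolean logout(String key) {
        return sessions.remove(key) != null;
    }

    public static void main(String[] args) {
        SessionKeyStore store = new SessionKeyStore();

        // Login: the key returned here is what gets embedded in the HTML sent to "alex".
        String key = store.login("alex");
        System.out.println("issued key: " + key);

        // A later request carrying the key as a parameter is recognised.
        Map<String, String> goodRequest = Map.of(PARAM, key);
        System.out.println("with key:  " + store.authenticate(goodRequest));   // Optional[alex]

        // A request with a made-up key, or no key at all, is not.
        Map<String, String> badRequest = Map.of(PARAM, "not-a-real-key");
        System.out.println("bad key:   " + store.authenticate(badRequest));    // Optional.empty
        System.out.println("no key:    " + store.authenticate(Map.of()));       // Optional.empty

        // After logout the old key stops working even if someone captured it.
        store.logout(key);
        System.out.println("after logout: " + store.authenticate(goodRequest)); // Optional.empty
    }
}
```

In a servlet the `requestParams` map would come from `request.getParameter(PARAM)` on either a GET or a POST, and the key would be written into a hidden form field or link on every page the server renders, which is the "send the key in the HTML you produce" step from the answer.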