Help for Session ZK Login Security

asked 2012-08-29 08:03:42 +0800

edpbra

I have a problem with the ZK session after login security:
My Class Login.Java

                HttpSession ses=(HttpSession) Sessions.getCurrent().getNativeSession();
                Security.setSes(ses);
                Security.setAtt(pdb.getIduser());
                Executions.sendRedirect("Main.zul");

My Class Security.java
public class Security {
    private static HttpSession ses;

    public static HttpSession getSes() {
        return ses;
    }

    public static void setSes(HttpSession ses) {
        Security.ses = (HttpSession) ses;
    }
    
    public static void setAtt(String val){
        ses.setAttribute("ruser",val);
    }
    public static void logout(){
        ses.removeAttribute("ruser");
        ses.invalidate();
    }
}

My Class Main.Java
       System.out.println(Security.getSes().getId());
       System.out.println(Security.getSes().getAttribute("ruser"));

The session results went well. But I have 2 users logged in, on computer (1) and computer (2). If computer (1) logs in with the name dave, the session attribute is set with ("Ruser", textboxUser.getText()) and getting the attribute ("Ruser") gives dave. If computer (2) logs in as admin, setting the session attribute ("Ruser", textboxUser.getText()) gives admin. When computer (1) refreshes the browser, why does it become an admin session? It should be dave. I used Tomcat for testing the code.


3 Replies


answered 2012-08-29 08:17:38 +0800

gganassin

Hello!
You are missing the meaning of the STATIC keyword :)

Instead of storing the user's credentials in a static variable, store them in the Executions.getCurrent().getSession().
However, there are a lot of small talks around the security topic in the documentation!


answered 2012-08-29 08:52:29 +0800

terrytornado

As gganassin said. Avoid static variables in a web application, or use them carefully, because they allow access from all users.
It's not the same as a static method call.

best
Stephan
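
The fix both answers describe, written out as an added example (not code posted by anyone in this thread): the session is looked up on every call instead of being cached in a static field, so each browser only ever sees its own "ruser" value. The class keeps the question's name and attribute key; the method names login, getUser and isLoggedIn are hypothetical, and the ZK library is assumed to be on the classpath.

```java
import org.zkoss.zk.ui.Session;
import org.zkoss.zk.ui.Sessions;

/**
 * Per-user variant of the Security helper from the question.
 * The methods stay static, but no session object is held in a static
 * field, so one user's login can no longer overwrite another's.
 */
public final class Security {
    // Same attribute key as in the question's code.
    private static final String USER_ATTR = "ruser";

    private Security() { }

    // Resolve the session that belongs to the request being handled now.
    private static Session current() {
        Session s = Sessions.getCurrent();
        if (s == null) {
            throw new IllegalStateException("no ZK session for this thread");
        }
        return s;
    }

    // Login.java: Security.login(pdb.getIduser()); then sendRedirect("Main.zul")
    public static void login(String userId) {
        current().setAttribute(USER_ATTR, userId);
    }

    // Main.java: Security.getUser() returns the caller's own user id, or null.
    public static String getUser() {
        Object v = current().getAttribute(USER_ATTR);
        return (v instanceof String) ? (String) v : null;
    }

    public static boolean isLoggedIn() {
        return getUser() != null;
    }

    // Ends only the calling user's session; other users stay logged in.
    public static void logout() {
        Session s = current();
        s.removeAttribute(USER_ATTR);
        s.invalidate();
    }
}
```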


answered 2012-09-02 05:19:33 +0800

edpbra

Thank you all, it works.


Regards

Eagles
