10:07 a.m.
Is it possible to dynamicly control session cookies (scope, domain, name,
value) on the fly based on the URL in a session handler or is the cookie
managed by the web server?
For instance if I want to generate a different cookie depending on the URL
with differeny keys, I generate a cookie based on the URL name that could
be scoped at different levels. I could have a url calls
https://apps.company.com/ and decide I want to scope the cookie at
company.com. Is this something I can do pragmatically?
Thanks
--
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein(a)tremolosecurity.com
<marc.boorshtein(a)tremolosecurity.com>
6:30 a.m.
At the moment the answer is 'sort of'.
This is controlled via the io.undertow.server.session.SessionConfig interface, however at
the moment there is no ability to make this pluggable. If you file a JIRA I will add
this.
Stuart
----- Original Message -----
From: "Marc Boorshtein"
<marc.boorshtein(a)tremolosecurity.com>
To: undertow-dev(a)lists.jboss.org
Sent: Monday, 14 October, 2013 5:07:54 PM
Subject: [undertow-dev] Customized Session Management?
Is it possible to dynamicly control session cookies (scope, domain, name,
value) on the fly based on the URL in a session handler or is the cookie
managed by the web server?
For instance if I want to generate a different cookie depending on the URL
with differeny keys, I generate a cookie based on the URL name that could be
scoped at different levels. I could have a url calls
https://apps.company.com/ and decide I want to scope the cookie at
company.com . Is this something I can do pragmatically?
Thanks
--
Marc Boorshtein
CTO Tremolo Security
marc.boorshtein(a)tremolosecurity.com
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
7:15 a.m.
Actually I was wrong, we do already have this. You will need to write a ServletExtension
and then use thio.undertow.servlet.api.DeploymentInfo#setServletSessionConfig method.
For an example of using a ServletExtension see
http://undertow.io/documentation/servlet/using-non-blocking-handlers-with....
Stuart
----- Original Message -----
From: "Stuart Douglas" <sdouglas(a)redhat.com>
To: "Marc Boorshtein" <marc.boorshtein(a)tremolosecurity.com>
Cc: undertow-dev(a)lists.jboss.org
Sent: Tuesday, 15 October, 2013 1:30:29 PM
Subject: Re: [undertow-dev] Customized Session Management?
At the moment the answer is 'sort of'.
This is controlled via the io.undertow.server.session.SessionConfig
interface, however at the moment there is no ability to make this pluggable.
If you file a JIRA I will add this.
Stuart
----- Original Message -----
> From: "Marc Boorshtein" <marc.boorshtein(a)tremolosecurity.com>
> To: undertow-dev(a)lists.jboss.org
> Sent: Monday, 14 October, 2013 5:07:54 PM
> Subject: [undertow-dev] Customized Session Management?
>
> Is it possible to dynamicly control session cookies (scope, domain, name,
> value) on the fly based on the URL in a session handler or is the cookie
> managed by the web server?
>
> For instance if I want to generate a different cookie depending on the URL
> with differeny keys, I generate a cookie based on the URL name that could
> be
> scoped at different levels. I could have a url calls
> https://apps.company.com/ and decide I want to scope the cookie at
> company.com . Is this something I can do pragmatically?
>
> Thanks
>
> --
> Marc Boorshtein
> CTO Tremolo Security
> marc.boorshtein(a)tremolosecurity.com
>
>
> _______________________________________________
> undertow-dev mailing list
> undertow-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/undertow-dev
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev
4055
days inactive
4056
days old
2 comments
2 participants
participants (2)
-
Marc Boorshtein -
Stuart Douglas