This is a Java servlet filter (per Servlet API 2.3). It lets you enforce an additional level of security for your HTTP sessions. For every session, the filter checks that the IP address of the request is the same one that was used when the session was created, so a stolen session ID cannot be used from a different address to form a fake session.

How to use it:

a) Download protectsessionsflt.jar and save it in WEB-INF/lib.

b) Describe this filter in web.xml. You have to provide an initial parameter, redirect. This parameter gives the URL to redirect to when the IP address in the request is not the one that was used originally.

    <filter>
      <filter-name>ProtectSessionsFilter</filter-name>
      <filter-class>com.cj.protectsessions.ProtectSessionsFilter</filter-class>
      <init-param>
        <param-name>redirect</param-name>
        <param-value>your_page_for_fake_sessions</param-value>
      </init-param>
    </filter>

c) Describe a mapping for this filter in web.xml. E.g.:

    <filter-mapping>
      <filter-name>ProtectSessionsFilter</filter-name>
      <url-pattern>*.jsp</url-pattern>
    </filter-mapping>

In this example the filter is applied to every .jsp file. If the target URL starts with http, the request is redirected. Otherwise the filter assumes a local resource and forwards the request.

For downloading: Protect sessions package: protectsessionsflt.jar
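The check described above can be sketched as a Servlet 2.3 filter. This is an added example, not the source of com.cj.protectsessions.ProtectSessionsFilter; the class name IpBoundSessionFilter and the session attribute name are hypothetical, and only the redirect init parameter and the redirect-or-forward rule come from the page.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration of binding a session to the client address.
// Not the code shipped in protectsessionsflt.jar.
public class IpBoundSessionFilter implements Filter {
    // Hypothetical attribute name chosen for this example.
    private static final String ATTR = "example.session.boundIp";
    private String redirect;

    public void init(FilterConfig cfg) throws ServletException {
        redirect = cfg.getInitParameter("redirect");
        if (redirect == null || redirect.trim().length() == 0) {
            throw new ServletException("init-param 'redirect' is required");
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Behind a reverse proxy this is the proxy's address, not the client's.
        String addr = request.getRemoteAddr();

        HttpSession session = request.getSession(false); // never create one here
        if (session != null) {
            String bound = (String) session.getAttribute(ATTR);
            if (bound != null && !bound.equals(addr)) {
                // Address differs from the one recorded for this session.
                // The session is left intact for its original address.
                if (redirect.startsWith("http")) {
                    response.sendRedirect(redirect);
                } else {
                    request.getRequestDispatcher(redirect).forward(request, response);
                }
                return; // the protected resource is never reached
            }
        }

        chain.doFilter(req, res);

        // Bind after the chain so a session created by this very request
        // records the address of the request that created it.
        session = request.getSession(false);
        if (session != null && session.getAttribute(ATTR) == null) {
            session.setAttribute(ATTR, addr);
        }
    }

    public void destroy() { }
}
```

Only sessions created by requests that match the filter mapping are bound at creation; a session created on an unmapped URL is bound on its first mapped request instead.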
See also JSOS - the largest collection of servlets and filters.