Caldarale, Charles R wrote:
> From: João Nuno Silva [mailto:jns...@gmail.com]
> Subject: Re: POST replication
>
>> 1) I want to have an authentication module that's independent of the
>> servlet container used (because I think this behavior of request replay
>> isn't a standard, but I might be wrong...);
>
> The servlet spec requires that the container retain the original request so it
> can be replayed if authentication succeeds.

Thanks for clarifying that!

>> 2) I believe I can better optimize session creation to reduce memory
>> usage (because I won't save the previous request in session).
>
> It doesn't really matter where you save the request; it will still consume the
> same amount of heap space unless you slow things down by writing it to disk
> (and thereby create a host of other problems for the normal path).
>
>> I think this way I can be more tolerable to DoS attacks from
>> unauthenticated users;
>
> I don't see how that follows.

I was testing the possibility of sending just a token with the login
page and save the request to a persistent storage and when a successful
authentication arrived use that token to retrieve the request. This way
nothing was kept in memory and server stability was increased because
sessions would only be created for authenticated users. These were my
thoughts but I haven't done any memory usage profiling to back them up.

>> 3) I'm learning a few things in the process of reinventing this wheel ;)
>
> That one I'll buy.
>
> - Chuck
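The token-plus-persistent-storage idea discussed in this thread, as an added example that is not code from either poster or from Tomcat: a pre-login request body is written to disk under a random single-use token, with explicit limits so that unauthenticated clients cannot fill the disk in place of the heap. The class name `PendingRequestStore`, the three limits and the choice to store only the raw body bytes are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.*;

/** Hypothetical disk-backed store for a pre-login POST body, keyed by a random token. */
public class PendingRequestStore {
    private static final int MAX_BODY = 8 * 1024;   // assumed per-request size cap
    private static final int MAX_PENDING = 1000;    // assumed cap on files held for unauthenticated clients
    private static final long TTL_SECONDS = 300;    // assumed lifetime of a pending request
    private final Path dir;
    private final SecureRandom rng = new SecureRandom();

    public PendingRequestStore(Path dir) throws IOException {
        this.dir = Files.createDirectories(dir);
    }

    /** Saves the body and returns the token for the login page, or empty if a limit is hit. */
    public synchronized Optional<String> save(byte[] body) throws IOException {
        if (body.length > MAX_BODY) return Optional.empty();
        purgeExpired();
        try (var files = Files.list(dir)) {
            if (files.count() >= MAX_PENDING) return Optional.empty();
        }
        byte[] raw = new byte[16];                   // 128-bit unguessable token
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        Files.write(dir.resolve(token), body, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        return Optional.of(token);
    }

    /** Returns and deletes the saved body (single use); empty for unknown, malformed or expired tokens. */
    public synchronized Optional<byte[]> redeem(String token) throws IOException {
        // Strict format check keeps a client-supplied token from being used as a path.
        if (token == null || !token.matches("[A-Za-z0-9_-]{22}")) return Optional.empty();
        purgeExpired();
        Path p = dir.resolve(token);
        if (!Files.exists(p)) return Optional.empty();
        byte[] body = Files.readAllBytes(p);
        Files.delete(p);
        return Optional.of(body);
    }

    private void purgeExpired() throws IOException {
        Instant cutoff = Instant.now().minusSeconds(TTL_SECONDS);
        try (var files = Files.list(dir)) {
            for (Path p : (Iterable<Path>) files::iterator) {
                if (Files.getLastModifiedTime(p).toInstant().isBefore(cutoff)) Files.delete(p);
            }
        }
    }
}
```

When `save` returns empty, the caller can still show the login page and simply drop the original request, so a flood of unauthenticated POSTs costs at most `MAX_PENDING * MAX_BODY` bytes of disk.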