users@glassfish.java.net

Re: Webtier one pager for review

From: Dominik Dorn <dominik.dorn_at_gmail.com>
Date: Sat, 22 May 2010 09:10:36 +0200

Hello,

support against Session Fixation attacks (through changing the
session-id after login) should also be in 3.1. web tier. It was
discussed a few times on this list and
is already implemented in Tomcat.

For session-sharing: It would be good, if session sharing would be
done in a similar
way terracotta is doing it, meaning just transferring differences
instead of serializing
the whole session object and distributing it then. In my opinion, it
would be wise to review how much of actual terracotta could be reused
for glassfishs HA....
why always reinvent the wheel? :)

As for the rename sun-web.xml -> glassfish-web.xml : I assume "old
sun-web.xml" will still be parsed correctly, so that applications
don't have to be changed, right?

I'm not sure, if this belongs to the web-tier (I think it may be a
grizzly issue), but: Will support for WebSockets be added to GF3.1 ?


KR,
Dominik

-- 
Dominik Dorn
http://dominikdorn.com
Tausche Deine Lernunterlagen auf http://www.studyguru.eu/at/tuwien/ !