Comments on: Promptless Logins For J2EE?

By: Adrian Sutton

Adrian Sutton — Tue, 06 Sep 2005 11:41:22 +0000

hmm, matching to an IP would probably work for us but generally isn’t a good idea. Often companies have a NAT box that directs requests out via different interfaces and thus get different IPs for the same user. It would probably work for this webapp though because it’s designed to be internal use rather than public use. Worst case it could be made a configuration option.

By: Chris Deigan

Chris Deigan — Tue, 06 Sep 2005 09:27:15 +0000

Keep IP-specific keys for each user and use cookies.. everytime a user logs in from a box, it checks the key in the cookie against the key stored for that user for that IP.

I’m not a JSP/whatever coder, but that’s one possible way of stabbing.. depends on your authentication back-end though, could be fun on your system load, maybe, too.