[OWASP-ESAPI] Shameless Blog Plug

Dan Cornell dan at denimgroup.com
Thu Aug 6 13:47:42 EDT 2009


> I have been, and will continue to be talking about ESAPI on my
> relatively new blog so it would be awesome to get everyone here over to
> read and follow and comment and so forth and start building my blog's
> footprint on the interwebz.
> 
> You can check it out at http://yet-another-dev.blogspot.com
> 

You made a great point that I've seen come up a couple of times recently
in this post:
<http://yet-another-dev.blogspot.com/2009/08/synchronizing-httpsession.html>

Would it make sense to add an ESAPI method that would return:

request.getSession().getId().intern()

Perhaps a method like:

getSessionSynchronizationObject()

I'd need to re-review the API docs to see exactly where this might fit
best, but that might be a way to promote the "correct" use of session
synchronization.

Of course, if you know that there is a "correct" way to do session
synchronization, you probably already know how to do this and wouldn't
need a helper method :)

Thanks,

Dan
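
Added example, not part of the message above and not ESAPI code: a sketch of why the suggested helper would return the interned id rather than the id itself. `FakeSession` is a constructed stand-in for `HttpSession`, assumed here to return a distinct `String` object from each `getId()` call, and `getSessionSynchronizationObject` is the hypothetical method name from the message.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

public class SessionLockDemo {
    // Constructed stand-in for HttpSession. Assumption: getId() may hand back
    // a different String object (same characters) on every call.
    static class FakeSession {
        private final String id;
        FakeSession(String id) { this.id = id; }
        String getId() { return new String(id); }
    }

    // Hypothetical helper: one canonical object per session id value,
    // so every request thread for that session contends on the same monitor.
    static Object getSessionSynchronizationObject(FakeSession s) {
        return s.getId().intern();
    }

    static int counter; // stands in for unsynchronized per-session state

    static int run(FakeSession s, boolean intern) throws InterruptedException {
        counter = 0;
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int t = 0; t < 8; t++) {
            pool.execute(() -> {
                for (int i = 0; i < 100_000; i++) {
                    Object lock = intern ? getSessionSynchronizationObject(s) : s.getId();
                    synchronized (lock) { counter++; } // only safe if lock is shared
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        return counter;
    }

    public static void main(String[] args) throws InterruptedException {
        FakeSession s = new FakeSession("A1B2C3D4E5F6"); // constructed session id
        System.out.println("getId() gives one monitor:  " + (s.getId() == s.getId()));
        System.out.println("intern() gives one monitor: "
                + (getSessionSynchronizationObject(s) == getSessionSynchronizationObject(s)));
        // Locking on separate String objects excludes nobody, so updates can be lost.
        System.out.println("lock on getId():  " + run(s, false) + " of 800000 increments");
        System.out.println("lock on intern(): " + run(s, true) + " of 800000 increments");
    }
}
```

The interned string is shared JVM-wide, so any other code that locks on an interned string with the same value contends for the same monitor.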


