Re: Security Issue with GET method

2010-09-30 Thread Maurizio Cucchiara
Hi Raj, you could get the sid value and put it inside the authentication form sent to the user as a hidden field. Afterwards, when the user invokes the authentication action, you could verify whether the sid value matches the real sessionID value. Look at this url http://localhost:8080/SecurityTest/login.do?userId=sss&password=sss&step=Log

Re: Security Issue with GET method

2010-09-30 Thread Orpu
Hi, can you please be more specific? I did not get you. When I click the button and go to the action, it has the sessionID. I will put it in a hidden form value. But what happens when I paste the url in the browser, which goes to the action with the GET method and has the session Id? Can you please elaborate on it more. Than