Torsten Curdt wrote: > > >>...but that *is* important: if you would be using a flow based > >>authentication mechanism this is not a problem at all. > >> > > > > Why? If flow checks the authentication, I simply use a > continuation id > > from an authenticated user and I'm in the application. > > sure, same for any authentication mechanism that stores the > credentials inside the session. you cannot prevent that. > > it's like the key to your house. if you have it you are in! > that's how it is. otherwise you have to authenticate on each request. > > But I am glad "simply use a continuation id" > usually is not that simple ;-) > Yepp, that's true :)
Carsten
