Can't we set your key in authorization header as a bearer token? On Fri, Nov 28, 2014 at 9:05 AM, Sameera Jayaratna <[email protected]> wrote:
> Hi, > > I'm working on Password recovery for ES, following [1]. > > According to [1], in the sequence of calls to the > *UserInformationRecoveryService, > *the key generated in one call needs to be passed to the next call for > verification. These calls occur in different views, so we need to pass the > keys from one view to the next. > > What is the best way to do this? > > > - passing as url parameters? > - storing them in the session? > > Is there any security concerns related to either approach? > Or is there a better way to do this? > > Any thoughts on this would be helpful. > > Thank you, > Sameera > > [1] https://docs.wso2.com/display/IS500/Recover+with+Secret+Questions > > -- > > > > *Thanks & Regards,Sameera Jayaratna Software Engineer; **WSO2 Inc. * > > *lean . enterprise . middleware | http://wso2.com <http://wso2.com> * > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Roshan Wijesena. Senior Software Engineer-WSO2 Inc. Mobile: *+94719154640* Email: [email protected] *WSO2, Inc. :** wso2.com <http://wso2.com/>* lean.enterprise.middleware.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
