Currently, the ESME login requires a token. This is no problem when using Java, C#, etc. However, in clients that are based in the browser (such as pure-JavaScript clients - http://code.google.com/p/esmeproject/wiki/PureJavascript_messaging_clien t), the token is visible in the HTML source code. Obviously, this isn't very secure.
In the quest to use the long-polling features of the browser without revealing the token, we've been exploring various alternatives. We've tried logging-in via java, rewriting the JSESSIONID cookie to the browser and then using this cookie in subsequent REST API calls. This attempt failed inasmuch as ESME didn't accept the java-based session cookie for the JavaScript-based REST API calls. Anyone have any other ideas to deal with this issue? D.
