JSPs are hardly static... In fact I do some of my scaffolding at the
start of a website displaying all the request info, headers, session,
everything but the kitchen sink... just to make sure I can have the
whole picture... In fact I'm doing that right now in my current
project. You could initialize the variable and send it as part of the
page or even make a function, as long as you keep in mind that the
info could have changed.

<% if (request.getHeader("blah") != null) {
     out.println("<script>var blah = " + request.getHeader("blah") + ";</script>");
   } %>

or <%... "function isBlah() { return " + request.getHeader("blah") + ";}" %>

A JSP is as static as you make it.

On Jul 30, 3:52 pm, Jaroslav Záruba <[email protected]> wrote:
> On Fri, Jul 30, 2010 at 10:47 PM, Onestone <[email protected]> wrote:
> > Why not simply initialize a JS variable in the page HTML for logged-in
> > users, and then simply checking for it? There's no security
> > vulnerability in doing that, as any part of the client-side code can
> > be manipulated anyway.
>
> this is not applicable when you serve static content (pre-compiled JSPs for
> example)
>
>
>
> > On Jul 30, 10:13 pm, Jeff Schwartz <[email protected]> wrote:
> > > I think that for security reasons the headers aren't readily accessible. If
> > > they were you can imagine the hacks the malcontents would be making using
> > > them.
>
> > > The idea of using a lightweight AJAX call is perfect for this. The call
> > > back on the client would only need to receive a boolean yes/no wrapped in a
> > > JSON object to resolve the question. That's rather a secure mechanism in my
> > > opinion. On the server, a user object could be stored in session state to
> > > indicate he/she is logged in. So the processing on the server is minimal. In
> > > fact, I use this same technique in all my applications including those for
> > > other platforms.
>
> > > Other than those that are forced upon me - such as session id - I avoid
> > > using cookies.
>
> > > Just my $0.02.
>
> > > 2010/7/30 Jaroslav Záruba <[email protected]>
>
> > > > ...which leads me again to wishing for http-headers being accessible in JS.
> > > > :(
>
> > > > 2010/7/30 Jaroslav Záruba <[email protected]>
>
> > > > On Fri, Jul 30, 2010 at 8:44 PM, Ikai L (Google) <[email protected]> wrote:
>
> > > >>> The "correct" way is to make a request back to your application in
> > > >>> Javascript. You can do cookie hacks, but these have a tendency to be brittle
> > > >>> and hard to manage.
>
> > > >> My understanding is that the original poster wants to have that
> > > >> information at hand *without* any further trips to server, and (most
> > > >> importantly) only as kind of hint. Obviously I don't use that cookie as
> > > >> authorization or password. :)
>
> > > >>> On Fri, Jul 30, 2010 at 11:18 AM, Jaroslav Záruba <[email protected]> wrote:
>
> > > >>>> I'm keeping a cookie for that.
>
> > > >>>> On Fri, Jul 30, 2010 at 8:13 PM, Saqib Ali <[email protected]> wrote:
>
> > > >>>>> How do I check if the user is currently logged in using their Google
> > > >>>>> Account in Javascript? I can set some hidden field to do that, but is
> > > >>>>> there a more elegant way to do this?
>
> > > >>>>> saqib
>
> > > >>>>> --
> > > >>>>> You received this message because you are subscribed to the Google
> > > >>>>> Groups "Google App Engine" group.
> > > >>>>> To post to this group, send email to
> > [email protected]
> > > >>>>> .
> > > >>>>> To unsubscribe from this group, send email to
> > > >>>>> [email protected]<google-appengine%[email protected]>
> > <google-appengine%[email protected]<google-appengine%252bunsub­[email protected]>
>
> > > >>>>> .
> > > >>>>> For more options, visit this group at
> > > >>>>>http://groups.google.com/group/google-appengine?hl=en.
>
> > > >>>>  --
> > > >>>> You received this message because you are subscribed to the Google
> > > >>>> Groups "Google App Engine" group.
> > > >>>> To post to this group, send email to
> > [email protected].
> > > >>>> To unsubscribe from this group, send email to
> > > >>>> [email protected]<google-appengine%[email protected]>
> > <google-appengine%[email protected]<google-appengine%252bunsub­[email protected]>
>
> > > >>>> .
> > > >>>> For more options, visit this group at
> > > >>>>http://groups.google.com/group/google-appengine?hl=en.
>
> > > >>> --
> > > >>> Ikai Lan
> > > >>> Developer Programs Engineer, Google App Engine
> > > >>> Blog:http://googleappengine.blogspot.com
> > > >>> Twitter:http://twitter.com/app_engine
> > > >>> Reddit:http://www.reddit.com/r/appengine
>
> > > >>>  --
> > > >>> You received this message because you are subscribed to the Google
> > Groups
> > > >>> "Google App Engine" group.
> > > >>> To post to this group, send email to
> > [email protected].
> > > >>> To unsubscribe from this group, send email to
> > > >>> [email protected]<google-appengine%[email protected]>
> > <google-appengine%[email protected]<google-appengine%252bunsub­[email protected]>
>
> > > >>> .
> > > >>> For more options, visit this group at
> > > >>>http://groups.google.com/group/google-appengine?hl=en.
>
> > > >  --
> > > > You received this message because you are subscribed to the Google
> > Groups
> > > > "Google App Engine" group.
> > > > To post to this group, send email to [email protected]
> > .
> > > > To unsubscribe from this group, send email to
> > > > [email protected]<google-appengine%[email protected]>
> > <google-appengine%[email protected]<google-appengine%252bunsub­[email protected]>
>
> > > > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/google-appengine?hl=en.
>
> > > --
> > > --
> > > Jeff
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.
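
Added example, not part of the original message: the JSP snippets above concatenate a request header straight into an inline script, so whatever the client sends in that header is parsed as JavaScript/HTML rather than as data. The sketch below contrasts that output with an encoded string literal and with the server-derived boolean hint the thread is really after. The class name, method names and the sample header value are hypothetical.

```java
// Added example (not from the thread). Class and method names are hypothetical.
public class InlineScriptValue {

    // Encode untrusted text as a double-quoted JavaScript string literal that is
    // safe inside an inline <script> block: quotes, backslashes, control and
    // non-ASCII characters, and the HTML-significant characters < > & / are
    // written as backslash-u hex escapes.
    static String jsString(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean plain = (c >= 0x20 && c < 0x7f)
                    && "\"'\\<>&/".indexOf(c) < 0;
            if (plain) {
                sb.append(c);
            } else {
                sb.append(String.format("\\u%04x", (int) c));
            }
        }
        return sb.append('"').toString();
    }

    // What the concatenation in the message produces: header text becomes code.
    static String naive(String header) {
        return "<script>var blah = " + header + ";</script>";
    }

    // Same variable, but the header can only ever be string data.
    static String encoded(String header) {
        return "<script>var blah = " + jsString(header) + ";</script>";
    }

    // For the logged-in hint, derive a boolean on the server and emit only the
    // literal true/false, so no request-controlled text reaches the page.
    static String loggedInHint(boolean userInSession) {
        return "<script>var loggedIn = " + userInSession + ";</script>";
    }

    public static void main(String[] args) {
        String header = "1;</script><p>not data";   // constructed sample value
        System.out.println(naive(header));      // script block is closed early
        System.out.println(encoded(header));    // stays one string literal
        System.out.println(loggedInHint(true));
    }
}
```

In production a maintained encoder such as the OWASP Java Encoder's `Encode.forJavaScript` does the same job as the hand-written `jsString` here. Either way the emitted flag is only a UI hint; the server still has to check the session on every request that matters.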
