You might notice I did not write 'JSPs' but rather 'pre-compiled JSPs'. And those are very static indeed. :)
On Sun, Aug 1, 2010 at 4:14 AM, Luis Daniel Mesa Velasquez < [email protected]> wrote: > JSPs are hardly static... in fact i do some of my scaffolding at the > start of a website displaying all the request info, headers, session, > everything but the kitchen sink... Just to make sure i can have the > whole picture... in fact i'm doing that right now in my current > project. You could initialize the variable and send it as part of the > page or even make a function, as long as you keep in mind that the > info could have changed. > > <% if(request.getHeader("blah") != null) { out.println("<script>var > blah = " + request.getHeader("blah") + ";</script>"); } %> > > or <%... "function isBlah() { return " + request.getHeader("blah") + > ";}" %> > > a JSP is as static as you make it. > > On Jul 30, 3:52 pm, Jaroslav Záruba <[email protected]> wrote: > > On Fri, Jul 30, 2010 at 10:47 PM, Onestone <[email protected]> wrote: > > > Why not simply initialize a JS variable in the page HTML for logged-in > > > users, and then simply checking for it? There's no security > > > vulnerability in doing that, as any part of the client-side code can > > > be manipulated anyway. > > > > this is not applicable when you serve static content (pre-compiled JSPs > for > > example) > > > > > > > > > On Jul 30, 10:13 pm, Jeff Schwartz <[email protected]> wrote: > > > > I think that for security reasons the headers aren't readily > accessible. > > > If > > > > they were you can imagine the hacks the malcontents would be making > using > > > > them. > > > > > > The idea of using a light weight ajax call is perfect for this. The > call > > > > back on the client would only need to receive a boolean yes/no > wrapped in > > > a > > > > json object to resolve the question. That's rather a secure mechanism > in > > > my > > > > opinion. On the server, a user object could be stored in session > state to > > > > indicate he/she is logged in. So the processing on the server is > minimal. > > > In > > > > fact, I use this same technique in all my applications including > those > > > for > > > > other platforms. > > > > > > Other than those that are forced upon me - such as session id - I > avoid > > > > using cookies. > > > > > > Just my $0.02. > > > > > > 2010/7/30 Jaroslav Záruba <[email protected]> > > > > > > > ...which leads me again to wishing for http-headers being > accessible in > > > JS. > > > > > :( > > > > > > > 2010/7/30 Jaroslav Záruba <[email protected]> > > > > > > > On Fri, Jul 30, 2010 at 8:44 PM, Ikai L (Google) < > [email protected] > > > >wrote: > > > > > > >>> The "correct" way is to make a request back to your application > in > > > > >>> Javascript. You can do cookie hacks, but these have a tendency to > be > > > brittle > > > > >>> and hard to manage. > > > > > > >> My understanding is that the original poster wants to have that > > > > >> information at hand *without* any further trips to server, and > (most > > > > >> importantly) only as kind of hint. Obviously I don't use that > cookie > > > as > > > > >> authorization or password. :) > > > > > > >>> On Fri, Jul 30, 2010 at 11:18 AM, Jaroslav Záruba < > > > > >>> [email protected]> wrote: > > > > > > >>>> I'm keeping a cookie for that. > > > > > > >>>> On Fri, Jul 30, 2010 at 8:13 PM, Saqib Ali < > [email protected] > > > >wrote: > > > > > > >>>>> How do I check if the user is currently logged in using their > > > Google > > > > >>>>> Account in Javascript? I can set some hidden field to do that, > but > > > is > > > > >>>>> there a more elegant way to do this? > > > > > > >>>>> saqib > > > > > > >>>>> -- > > > > >>>>> You received this message because you are subscribed to the > Google > > > > >>>>> Groups "Google App Engine" group. > > > > >>>>> To post to this group, send email to > > > [email protected] > > > > >>>>> . > > > > >>>>> To unsubscribe from this group, send email to > > > > >>>>> [email protected]<google-appengine%[email protected]> > <google-appengine%[email protected]> > > > <google-appengine%[email protected]<google-appengine%[email protected]> > <google-appengine%252bunsub[email protected]> > > > > > > >>>>> . > > > > >>>>> For more options, visit this group at > > > > >>>>>http://groups.google.com/group/google-appengine?hl=en. > > > > > > >>>> -- > > > > >>>> You received this message because you are subscribed to the > Google > > > > >>>> Groups "Google App Engine" group. > > > > >>>> To post to this group, send email to > > > [email protected]. > > > > >>>> To unsubscribe from this group, send email to > > > > >>>> [email protected]<google-appengine%[email protected]> > <google-appengine%[email protected]> > > > <google-appengine%[email protected]<google-appengine%[email protected]> > <google-appengine%252bunsub[email protected]> > > > > > > >>>> . > > > > >>>> For more options, visit this group at > > > > >>>>http://groups.google.com/group/google-appengine?hl=en. > > > > > > >>> -- > > > > >>> Ikai Lan > > > > >>> Developer Programs Engineer, Google App Engine > > > > >>> Blog:http://googleappengine.blogspot.com > > > > >>> Twitter:http://twitter.com/app_engine > > > > >>> Reddit:http://www.reddit.com/r/appengine > > > > > > >>> -- > > > > >>> You received this message because you are subscribed to the > Google > > > Groups > > > > >>> "Google App Engine" group. > > > > >>> To post to this group, send email to > > > [email protected]. > > > > >>> To unsubscribe from this group, send email to > > > > >>> [email protected]<google-appengine%[email protected]> > <google-appengine%[email protected]> > > > <google-appengine%[email protected]<google-appengine%[email protected]> > <google-appengine%252bunsub[email protected]> > > > > > > >>> . > > > > >>> For more options, visit this group at > > > > >>>http://groups.google.com/group/google-appengine?hl=en. > > > > > > > -- > > > > > You received this message because you are subscribed to the Google > > > Groups > > > > > "Google App Engine" group. > > > > > To post to this group, send email to > [email protected] > > > . > > > > > To unsubscribe from this group, send email to > > > > > [email protected]<google-appengine%[email protected]> > <google-appengine%[email protected]> > > > <google-appengine%[email protected]<google-appengine%[email protected]> > <google-appengine%252bunsub[email protected]> > > > > > > > . > > > > > For more options, visit this group at > > > > >http://groups.google.com/group/google-appengine?hl=en. > > > > > > -- > > > > -- > > > > Jeff > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Google App Engine" group. > > > To post to this group, send email to [email protected] > . > > > To unsubscribe from this group, send email to > > > [email protected]<google-appengine%[email protected]> > <google-appengine%[email protected]> > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/google-appengine?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
