You can use a client/server intceptor pair to encrypt the session key so that it cannot be snooped and used by another user masquerading as the authenticated user.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856415#3856415 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3856415 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
