Gordon Deline wrote:
>
> I've handled it in this manner and it works fine in my application.  Each
> HttpRequest must provide a key value for looking up information about a specific
> user (i.e. parameter userid) using hidden fields and encoded URLs.  This ID is
> then used to look up an object reference in the session (i.e. userid + "Root").

That doesn't solve the problem. If a user follows a URL containing this
ID and opens the link in a new window (unix-middle-click / using menu in
windows), then the two windows will have the same ID and then you
wouldn't be able to distinguish between requests coming from one window
and requests coming from the other.

That's why you need additional tricks such as checking the referer
header.

- Jesper
--
CAPUT http://www.caput.com
Nygade 6, DK-1164 KBH K
Phone +45 33 12 24 42
Fax   +45 33 91 24 42
