Hi Eduardorochabr,

Thanks for the vital input. It is very helpful. However, I would need
some further guidance on the roundabouts suggested:


> 1) Include a "token" value in your first response json. Then you would
> send this "token" in each request, which would be used to find the
> session;
>
> 2) Use the "opensocial_viewer_id" parameter as the session identifier.
>

Actually, my case is to upload/download files. I am first doing a signed
makeRequest and storing the "opensocial_viewer_id" in the session. Then, I am
uploading the file through an iframe into the account of the person with the
stored opensocial_viewer_id.

Now, while uploading the file, if I pass opensocial_viewer_id as the token,
there are chances of hacking, as anybody can virtually provide any other
person's ID.

It would be quite helpful if I could get some guidance on which pattern to
typically follow here.

thanks,
Sanjay

-- 
RAD Solutions Private Limited
Bhubaneswar, India
www.radsolutions.co.in
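
One way to combine the two quoted suggestions for the upload iframe, as an added example that is not part of the original message: the handler of the signed makeRequest issues a short-lived token bound to the verified opensocial_viewer_id, and the upload endpoint trusts only the ID recovered from that token. The function names, SERVER_KEY and TOKEN_TTL are hypothetical, and the sketch assumes the container's signature on the makeRequest has already been verified.

```python
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

# Assumption: a server-side secret that never reaches the gadget or the iframe.
SERVER_KEY = os.urandom(32)
TOKEN_TTL = 300  # seconds an upload token stays valid (constructed value)


def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_upload_token(viewer_id: str, now: Optional[float] = None) -> str:
    """Call only from the signed-makeRequest handler, after the signature
    check, so viewer_id comes from the container and not from the client."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    nonce = base64.urlsafe_b64encode(os.urandom(12)).decode()
    payload = f"{viewer_id}|{expires}|{nonce}".encode()
    tag = base64.urlsafe_b64encode(_sign(payload)).decode()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def viewer_for_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the viewer ID bound to the token, or None if forged or expired.
    The upload handler uses this value and ignores any ID sent by the client."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        viewer_id, expires_s, _nonce = payload.decode().split("|")
        expires = int(expires_s)
    except ValueError:  # malformed token, bad base64, bad UTF-8, wrong fields
        return None
    # Constant-time comparison: a changed viewer ID invalidates the tag.
    if not hmac.compare_digest(tag, _sign(payload)):
        return None
    if (time.time() if now is None else now) > expires:
        return None
    return viewer_id
```

The token travels in the JSON response of the signed makeRequest and is submitted with the iframe upload form, so a bare opensocial_viewer_id supplied by the client is never accepted on its own.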

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Orkut Developer Forum" group.
For more options, visit this group at 
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---
