Struts and web browser already verified it for you. The whole point of
establishing a session is to correlate a browser to the server.
Browser already sends a cookie containing session ID to the server
along with each request. So as long as you can retrieve the user
object from the session, corresp
But if the user is in the session, then we know that when he submits a
request, or at least when that browser submits a request it is the user
who is in the session. You could store roles for the user in the session
also and then just use the session.. if the role is not present populate
it from th
2 matches
Mail list logo
