All good points. But isn't keeping this data on the client in an encrypted form just as safe as a session id? Given strong encryption, the only vulnerability I can see would be a replay attack, to which session is also vulnerable.

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Permission-checking-on-client-side-tp5450587p5455037.html
Sent from the Shiro User mailing list archive at Nabble.com.
