I've seen several posts on using tokens to prevent someone from going back in the history and resubmitting old username/password information to log in again. That seems to work fine with manual authentication. How would this work with container-managed security, since the container performs the authentication? I could check in every action for a valid token, but that defeats the purpose of container-managed security since I then need to code security logic in every action.
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
