Norbert Sándor <developer <at> erinors.com> writes:

> I think that it can be solved by using some "standard" solutions:
> - encrypting some user specific data (for example a randomly generated client
>   ID stored in the session)

A user may legitimately get "user=root" in a client side state in a particular page, but it doesn't mean that he can legitimately copy and paste that into the client side state of another page.

> - encrypting a time stamp (or validity interval)

This will break the back button, right?

--
Author of a book for learning Tapestry (http://www.agileskills2.org/EWDT)
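Added example, not part of the message above and not Tapestry code: a sketch of client-side state whose integrity tag covers the session's client ID, the issuing page and a timestamp, so state copied to another page or another session fails verification, and an optional validity interval rejects state from a page that has been open too long. It uses an HMAC tag instead of encryption; `SERVER_KEY`, `seal`, `unseal` and the token layout are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a secret known only to the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key"


def _tag(client_id, page, issued_at, state):
    # Length-prefix each field so "ab"+"c" and "a"+"bc" never produce the same input.
    fields = (client_id, page, str(issued_at), state)
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def seal(state, client_id, page, now=None):
    """Build the value sent to the browser: issued_at|tag|state."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}|{_tag(client_id, page, issued_at, state)}|{state}"


def unseal(token, client_id, page, max_age=None, now=None):
    """Return the state, or None if it was altered, moved to another page
    or session, or is older than max_age seconds."""
    try:
        issued_str, tag, state = token.split("|", 2)
        issued_at = int(issued_str)
    except ValueError:
        return None
    expected = _tag(client_id, page, issued_at, state)
    # Constant-time comparison of the received and recomputed tags.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    if max_age is not None:
        current = time.time() if now is None else now
        if current - issued_at > max_age:
            return None  # also hit when an old page is resubmitted via "back"
    return state
```

Without `max_age` the state stays valid for as long as the session's client ID does, so resubmitting an older page still verifies; with it, any page older than the interval is rejected regardless of how the user reached it.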