Hi all (sorry for the previous unterminated mail), I would like to know if S2 provides a solution to manage user authentication. I also would like to know if someone could lead me to best practice for user creation / authentication to a web application. I'm worried about security after the user has logged in, because of the parameters that appear in the request. For example, the request that leads to user informations modification shows the id of this user in the request, so I've to control that the user id in the request is the same than the one in session (in the user object stored in session after login). Do you have some best practices to help me...?
thanks in advance Sebastien
