Hi, Why do you care about the information in the request? Typically, you have a login page and the corresponding action stores the user object into the session. In all subsequent requests, you can check the user object in the session to determine which user did log in. This works for S1, but I'd think that it's the same in S2.
Cheers, Thorsten > -----Original Message----- > From: Sébastien LABEY [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 31, 2007 8:22 PM > To: Struts mailing list > Subject: [S2] User authentication best practice (2nd time...) > > Hi all (sorry for the previous unterminated mail), > > I would like to know if S2 provides a solution to manage user > authentication. > I also would like to know if someone could lead me to best practice for > user > creation / authentication to a web application. I'm worried about security > after the user has logged in, because of the parameters that appear in the > request. For example, the request that leads to user informations > modification shows the id of this user in the request, so I've to control > that the user id in the request is the same than the one in session (in > the > user object stored in session after login). > Do you have some best practices to help me...? > > thanks in advance > > Sebastien --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
