Be aware of cookie stealing. musachy
On Thu, Jun 26, 2008 at 10:32 AM, Al Sutton <[EMAIL PROTECTED]> wrote: > I was thinking more along the lines of encrypting the userId and password > hash using AES, store the value in the cookie, then if the cookie is > available during another session decrypt, check everything matches, and let > them back in. > > That way it avoids trying to maintain sync between the user and the server. > > Al. > > Lukasz Lenart wrote: >> >> I think there isn't any solution in Struts2, so then, implement that >> with cookies and save such cookie also on the server side in db, you >> can also allow such thing for selected users, etc. >> >> >> Regards >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- "Hey you! Would you help me to carry the stone?" Pink Floyd --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
