java - Obliterate the URL -
i have ajax application phone call servlet run study , homecoming pdf. works pretty well, except user presented web page have study name , client id. changing client id allow them run same study person. yikes!
i recall things url re-writing, used dubiously session management. wondering if modify url within servlet user gets can't hacked @ other reports. how go this?
also, have improve idea?
thanks.
simply utilize (anonymous) session id file part. , allow servlet stream file in file scheme adding session id.
this assumes command flow can't done easier because of ajax , doing 2 things @ once.
java java-ee
No comments:
Post a Comment