Authentication information (user is logged in) must be stored on the
server side (session or database). It should not be given to the client,
because the client could manipulate it (setting isLoggedIn to true).
If you store it in the database you should use a non guessable random
number as a ke
The link
http://mail-archives.apache.org/eyebrowse/SummarizeList?listId=241
on
http://struts.apache.org/
seems to be broken.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
2 matches
Mail list logo
