Sanjay,

Maybe suggestion #1 is the one. Your server would return a random value as the session identifier, and then you send this value again in the iframe.
What do you think?

On 9 May, 02:55, Sanjay Patel <skpate...@gmail.com> wrote:
> Hi Eduardorochabr,
>
> Thanks for the vital input. It is very much helpful. However, I would need
> some further guidance on the roundabouts suggested:
>
> > 1) Include a "token" value in your first response json. Then you would
> > send this "token" in each request, which would be used to find the
> > session;
>
> > 2) Use the "opensocial_viewer_id" parameter as the session identifier.
>
> Actually, my case is to upload/download files. I am first doing a signed
> makeRequest and storing the "opensocial_viewer_id" in session. Then, I am
> uploading file through an iframe in the account of the person of the stored
> opensocial_viewer_id.
>
> Now, while uploading the file if I pass opensocial_viewer_id as the token,
> there are chances of hacking, as anybody can virtually provide any other
> person's ID.
>
> Would be quite helpful if I can get some guidance on which pattern typically
> to follow here.
>
> thanks,
> Sanjay
>
> --
> RAD Solutions Private Limited
> Bhubaneswar, India
> www.radsolutions.co.in