Hi,
For critical apps I use HTTPS.

In every Ajax call I just include the session id for that user (the session id
is assigned when login succeeds), and I maintain a list of valid session ids
server side. So before processing any request I check whether the session id
is in the list. The session id is removed from the list on logout, but you can
add an expiry time for sessions too.

Hope this helps.

Regards

--
View this message in context: 
http://qooxdoo.678.n2.nabble.com/Rich-Internet-Application-Security-Questions-tp7105173p7107715.html
Sent from the qooxdoo mailing list archive at Nabble.com.
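
The scheme described in the message above, sketched as an added example that is not part of the original post or of qooxdoo. It assumes a Node.js back end; the `SessionRegistry` class, its method names, the in-memory `Map` and the 32-byte random id are illustrative choices, and the demo data is constructed.

```javascript
const crypto = require("node:crypto");

// Hypothetical server-side registry of valid session ids (illustrative names).
class SessionRegistry {
  constructor(ttlMs, now = Date.now) {
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock so expiry can be exercised
    this.sessions = new Map(); // session id -> { user, expiresAt }
  }

  // Called once login has succeeded: issue an unguessable id from the CSPRNG.
  login(user) {
    const id = crypto.randomBytes(32).toString("hex");
    this.sessions.set(id, { user, expiresAt: this.now() + this.ttlMs });
    return id;
  }

  // Called before processing every request; returns the user or null.
  check(id) {
    if (typeof id !== "string") return null; // missing or malformed parameter
    const entry = this.sessions.get(id);
    if (!entry) return null;                 // never issued, or already removed
    if (this.now() >= entry.expiresAt) {
      this.sessions.delete(id);              // expired: drop it from the list
      return null;
    }
    return entry.user;
  }

  // Called on logout: the id stops being valid immediately.
  logout(id) {
    return this.sessions.delete(id);
  }
}

// Constructed walk-through: valid id, unknown id, expired id, logged-out id.
function demo() {
  let clock = 0;
  const reg = new SessionRegistry(1000, () => clock);
  const alice = reg.login("alice");
  const results = [reg.check(alice), reg.check("not-a-session")];
  clock = 1000;                              // advance past the expiry time
  results.push(reg.check(alice));
  const bob = reg.login("bob");
  reg.logout(bob);
  results.push(reg.check(bob));
  return results;
}
```

A request handler would call `check()` with the id sent in the Ajax call and reject the request when it returns `null`.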
