Thanks Sri. That makes complete sense. I'd totally forgotten about
CSRF.
On Dec 29, 11:12 am, Sripathi Krishnan wrote:
> > *Also, in the discussion I saw about this, it was said that it was
> > more secure to send the session ID in the RPC itself instead of getting
> > it from the header/cookie.
>
> *Also, in the discussion I saw about this, it was said that it was
> more secure to send the session ID in the RPC itself instead of getting
> it from the header/cookie. Why is this? Does GWT add something extra like a
> hash to make sure the RPC hasn't been tampered with?*
*GWT doesn't do
Also, in the discussion I saw about this, it was said that it was more
secure to send the session ID in the RPC itself instead of getting it
from the header/cookie. Why is this? Does GWT add something extra like
a hash to make sure the RPC hasn't been tampered with?
On Dec 29, 9:24 am, Falcon wro
I'm trying to send the session ID with every RPC request my GWT
application makes and handle our login context. On the server, it
looks like you can handle that by overriding
onAfterRequestDeserialized() and onAfterResponseSerialized() (we don't
need to add any information to the outgoing payload,