Hi,

1) I used a hidden field wosid to prevent a CSRF vulnerability in a standard 
WOnder application (<input type="hidden" name="wosid" 
value="wIrACwBfmFeiVyNcVMFkow">).
I just compare this hidden field with the real sessionID.

Now, I want to use the same protection in some ajaxified components. Problem: 
by default, the HTTP POST is partial and wosid is not sent. 
« fullSubmit = true » cannot be easily used in this app. 

Is there a way to configure/adapt the Ajax Wonder framework so that the wosid 
will always be added to the partial formValues?

2) This application must be deployed in a Tomcat environment. I have seen a 
cookie with the Tomcat session JSessionID.
Is there a way to access the Tomcat JSessionId in the WOnder app in order to 
compare it with the value in the cookie?

Thanks for any help
Pierre 
