struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale Newfield <>
Subject Re: Struts 2 session problem
Date Tue, 20 Jan 2009 06:38:21 GMT wrote
> I agree with ya.  I have been doing something very similar with
> hidden fields in my app for some time.

If every request in your app is a POST, or if every link in your app is 
javascript that causes a POST, that's fine.  I like using actual links, 
though, which result in GETs, so the only way to include this token in 
every link results in ugly, non-human-readable, likely not bookmarkable 
URLs.  I work very hard to make sure that my apps have clean, 
human-understandable urls, so I find this "solution" more of a problem 
than the "one login session per http session" restriction.  I would also 
find a site designed this way to be quite annoying to use, as I often 
open multiple windows/tabs/etc. *expecting* them to be within the same 


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message