S
sbrissondeblecx
Guest
A session identifier does not implicitly mean that the user is authenticated. It's just there to differentiate the session ( client's browser). The old Webspeed framework took care to validate if the session id was valid and if the user was logged in and so on. It was using it's own cookie that was created at first request (let's call it "MYAPPCONTEXT"). I just want to rely on the spring JSESSIONID cookie instead (and discard the use of the old cookie name).
Continue reading...
Continue reading...