I have created a JSON web service using JAX-RS and now need to make it accessible as JSONP. I have done this by checking for a callback query parameter in the request and wrapping the whole response using a filter.
I would like to use the same filter to hide the session from servlets such as JAX-RS so that other web sites can't steal privileged information. Does this make sense, and can it be done securely? Presumably the response would have to remove any cookies?
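
One way to write the session-hiding part of such a filter, as an added example that is not part of the original question. It assumes the `javax.servlet` API and a query parameter named `callback`; the class names and the callback pattern are hypothetical, and the response-body wrapping the question already has is left out.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: when "callback" is present, downstream code sees no cookies or session.
public class JsonpSessionHidingFilter implements Filter {
    // Assumed rule: the callback must be a dotted JavaScript identifier, nothing else.
    static final String SAFE_CALLBACK = "[A-Za-z_$][A-Za-z0-9_$]*(\\.[A-Za-z_$][A-Za-z0-9_$]*)*";
    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String callback = request.getParameter("callback");
        if (callback == null) { chain.doFilter(req, res); return; } // plain JSON request: untouched
        if (!callback.matches(SAFE_CALLBACK)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid callback");
            return;
        }
        chain.doFilter(new SessionlessRequest(request), new CookielessResponse(response));
    }

    // Request view with the cookie and session accessors blanked out.
    static class SessionlessRequest extends HttpServletRequestWrapper {
        SessionlessRequest(HttpServletRequest r) { super(r); }
        static boolean isCookie(String n) { return "Cookie".equalsIgnoreCase(n); }
        @Override public Cookie[] getCookies() { return null; }
        @Override public String getRequestedSessionId() { return null; }
        @Override public boolean isRequestedSessionIdValid() { return false; }
        @Override public HttpSession getSession() { return getSession(true); }
        @Override public HttpSession getSession(boolean create) {
            // Design choice in this example: refuse to create a session rather than return one.
            if (create) throw new IllegalStateException("no session for JSONP requests");
            return null;
        }
        @Override public String getHeader(String n) { return isCookie(n) ? null : super.getHeader(n); }
        @Override public Enumeration<String> getHeaders(String n) {
            return isCookie(n) ? Collections.<String>emptyEnumeration() : super.getHeaders(n);
        }
    }

    // Response view that drops any attempt to set a cookie.
    static class CookielessResponse extends HttpServletResponseWrapper {
        CookielessResponse(HttpServletResponse r) { super(r); }
        static boolean isSetCookie(String n) { return "Set-Cookie".equalsIgnoreCase(n); }
        @Override public void addCookie(Cookie c) { /* dropped */ }
        @Override public void addHeader(String n, String v) { if (!isSetCookie(n)) super.addHeader(n, v); }
        @Override public void setHeader(String n, String v) { if (!isSetCookie(n)) super.setHeader(n, v); }
    }
}
```

The wrappers cover only the cookie and session accessors; `getHeaderNames()`, `getUserPrincipal()` and the `Authorization` header are passed through unchanged and would need the same treatment if the service relies on them.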