0 Replies Latest reply on Apr 14, 2011 1:36 PM by David Beaumont

    Hiding session for a jsonp request

    David Beaumont Newbie


      I have created a json web service using JAX-RS and now need to make it accessible as jsonp. I have done this by checking for a callback query parameter in the request and wrapping the whole response using a filter.

      I would like to use the same filter to hide the session from servlets such as JAX-RS so that other web sites can't steal privileged information. Does this make sense, can it be done securely? Presumably the response would have to remove any cookies?