0 Replies Latest reply on Dec 9, 2009 11:47 AM by mike82

    How to secure pass customer id on ajax request

    mike82
      hi,

         I need to secure way of passing customer id to servlet on ajax request. I use ajax to make reservation by customer that is signed in to the application. The problem is how to let servlet know, that it's reservation made by given customer. If I pass the customer id or conversation as javascript argument, it can be modified, or run with different id. Currently I've used in my servlet class:

      new ContextualHttpServletRequest(request) {
                      @Override
                      public void process() throws Exception {
                          Customer customer = (Customer) Component.getInstance("customer");
      }.run();
      }

      to get data of customer, but in moments of large activity on the page, I had situations when customers claimed that they never made such reservation (made different). That looks like concurrency problem as the problem applied to two customers making two different reservations in the same second...