Hello all,
I've been playing with Struts for some time and really like the framework.
The thing I have been wondering is how HTTP really works. For example, when I'm doing a password-secured application, I like to add a UserBean to the session scope when the user goes through the LoginAction. The bean contains all the necessary information about the user that I would like to have available while the user is using the application.
The question: is the UserBean really transferred to the client via HTTP, or does the HTTP/app server simply keep some kind of reference to the bean?
The reason I'm asking is that I've been wondering about the security issues. If the bean is really transferred to the client, can somebody with knowledge "decrypt" the bean and read all of its data?
Thanks.
- John