When the form is submitted, I read the hidden form field and compare it with the token in the user's session.
JSF does the actual storage and state management, typically through a session, a hidden form field, cookies, etc.
Storing session state in the client using HTTP cookies or hidden form fields has significant security risks — it exposes a part of your application's internals to the untrusted client layer.