Hi all,
I am currently integrating a new feature to my website. Basically, the feature will enable people to post data into my website from the third party pages hosted in other websites but launched in a iframe from my website. I am using a HTTP handler to handle the post request. However, I found that some pages using Java Applet will not maintain the session and cookie from my website (at least i cannot find the session or cookie in the context object). Moreover, since it is a web request, i cannot require the log in.
Under this circumstance, how can I secure my HTTP handler? it can be directly accessed via internet and post the data into my website.
By the way, I can send a string to the third party page and the string will be posted back, but the string is visible by the user.
Anyone has good idea towards my issue?
Thank you.
Jessie