Surendra Babu

+ Follow
since Jun 19, 2007
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Surendra Babu

Thank you Bill.

Yes, we're making sure that token gets invalidated after a specific time. We're including the time stamp into the token. When data is decrypted, If the time stamp is more than acceptable threshold, token gets invalidate user is sent back for login.
13 years ago
Hi All,
Thank you for such a wonderful forum. Here is my question

Want to pass info from to :
(user) --> (for authentication) --> (for content browsing)

I have a website called,
which authenticates the user package the user info (userid, email) and encrypt into a variable.
Now I need to pass this (encrypted string) information to another site (completely different domain, a third party site). know how to decrypt and validate the token information.

Trying to pass though HTTP Header, but Failed:
I have been thinking of passing this variable (Token) through HTTP Headers (as a HTTP header variable). But, I wasn't able to do this. I used this code:
response.addHeader("MS-TOKEN", "testing token value");

I can see the header variables getting to browser, but they are missing into "" request from the browser. (I used Charles to see the request/response info.)

Any other Ideas, please:
My sites (source, target) being in two different domains, I think we're having few options.
Can you pls. suggest other alternatives? which one of the following is better one?
Browser Redirect with GET parameters -- users can see the parameters, but its encrypted anyway.
Browser redirect with POST parameters -- using java script to auto submit the form information to if JS is disabled, it may fail to auto submit.
Cookie -- since these two are different domains, cookie may not be passed between the domains (i.e., setting cooke from and passing it to

13 years ago