An attack against this system could be to send the following HTTP request:

HTTP requests sent by a browser will usually ask only for data that has changed since the last download.

It is also used to store information on the server-side between HTTP requests.

I didn't realize you could also do the same thing with HTTP requests.

Rather, the string is sent as the body of the HTTP request.

HTTP requests can be specified, which are then sent multiple times.

The HTTP request is simply a request for a page.

This method is called to process the HTTP request.

The servlet may read data that has been provided in the HTTP request.

That way if you want to share data with a site the "permission" gets sent along with the HTTP request.