[Seaside] Adding domain to a cookie
Avi Bryant
avi.bryant at gmail.com
Wed Dec 6 20:06:44 UTC 2006
On 12/6/06, Boris Popov <boris at deepcovelabs.com> wrote:
> Well, cookies (if they worked properly) would be great for session
> tracking, because without them one could copy the URL and paste it on
> another machine to keep on working, which is a bit of a security risk,
> for instance I can use my cell phone camera to take a pic of someone's
> desktop, and type the same URL in my browser. I use session protector
> for our app, but it's a tad useless in today's world full of networks
> NAT'ed behind a single IP.
>
> No?
Indeed. There's an option (#useSessionCookie) to store the session ID
in a cookie. Another advantage of this is that if the user closes
their browser window and then comes back to the app later just by
typing in the URL, they will get put back into their old session if it
hasn't expired. The main disadvantage is that you can't have two
sessions on the same app from the same browser (it really annoys me
that I can't have two different gmail accounts open, for example).
Avi
More information about the Seaside
mailing list