[Seaside] session and cookies?

Leandro Perez leandromperez at gmail.com
Thu Aug 30 17:36:59 UTC 2007


John wrote:

> In my opinion, the best practice for "remember me" functionality is to
> store the encrypted/hashed username and password on the cookie, then
> when the user returns to the site, try and log them in after decrypting
> or comparing hash values, instead of having the user enter them manually.


I agree with this, but shouldn't you consider the problem of a different
person accessing the computer after the real user has left? To tackle this
problem something would have to be done; a possible solution would be what
Dave Bauer said, just to ask for a password when the user returns.

I'll have to learn how to create cookies and to store information on them.

Any tips about encryption?

> Everything else should be instanced as per a "normal" login from then
> on. If you have session specific information, then the session has
> ended.. thus the new session will lose that information.


> However, it is possible to store the session ID in the user's cookie, so
> if the session has not expired, and you override the cookie timeout, it
> would be possible for the user to return to the same session (and also
> possible to return to the same session from a different machine - so be
> warned of hijacking!)


How do I get the session id and retrieve the session using this id? In which
place do sessions dwell?

> Hope this helps,
>
> John


Thanks a lot John and Dave!
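
Added example, not part of the original message and not Seaside code: a Python illustration of a remember-me cookie that covers the two risks raised above (someone else using the computer later, and a copied cookie being replayed). It swaps in a different technique from the one John describes: the cookie carries a random single-use token whose hash is kept server-side, rather than the username and password. All names (RememberMeStore, Session, fresh_auth, the 14-day lifetime) are assumptions made for the example.

```python
import hashlib, hmac, secrets, time

REMEMBER_TTL = 14 * 24 * 3600   # assumed cookie lifetime: 14 days

class RememberMeStore:
    """Server-side table of remember-me tokens (in-memory for the example)."""
    def __init__(self):
        self._rows = {}  # selector -> (sha256(validator), username, expires_at)

    def issue(self, username, now=None):
        """Return the cookie value to set after a successful login."""
        now = time.time() if now is None else now
        selector = secrets.token_urlsafe(9)     # lookup key, not secret
        validator = secrets.token_urlsafe(32)   # secret half, stored only hashed
        digest = hashlib.sha256(validator.encode()).hexdigest()
        self._rows[selector] = (digest, username, now + REMEMBER_TTL)
        return f"{selector}:{validator}"

    def redeem(self, cookie, now=None):
        """Return (username, new_cookie) or None. Each token works once."""
        now = time.time() if now is None else now
        selector, sep, validator = cookie.partition(":")
        # Remove the row on any attempt, so a replayed or guessed cookie fails.
        row = self._rows.pop(selector, None)
        if not sep or row is None:
            return None
        digest, username, expires_at = row
        presented = hashlib.sha256(validator.encode()).hexdigest()
        if now > expires_at or not hmac.compare_digest(presented, digest):
            return None
        return username, self.issue(username, now)  # rotate the token

class Session:
    """Hypothetical session object; fresh_auth is False after a cookie login."""
    def __init__(self, username, fresh_auth):
        self.username, self.fresh_auth = username, fresh_auth

def login_from_cookie(store, cookie, now=None):
    """Start a new session from a remember-me cookie, or return (None, None)."""
    result = store.redeem(cookie, now)
    if result is None:
        return None, None
    username, new_cookie = result
    return Session(username, fresh_auth=False), new_cookie

def may_change_password(session):
    # Sensitive actions require the password to have been typed this session.
    return session.fresh_auth
```

A session created from the cookie is a new session with fresh_auth unset, so a person who sits down at the machine later still has to supply the password before anything sensitive is allowed.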