[Seaside] session and cookies?

Leandro Perez leandromperez at gmail.com
Thu Aug 30 17:36:59 UTC 2007

John wrote:

> In my opinion, the best practice for "remember me" functionality, is to
> store the encrypted/hashed username and password on the cookie, then
> when the user returns to the site, try and log them in after decrypting
> or comparing hash values, instead of having the user enter them manually.

I agree with this, but shouldn't you consider the problem of a different
person accessing the computer after the real user has left? to tackle this
problem something would have to be done, a possible solution would be what
Dave Bauer said, just to ask for a password when the user returns

I'll have to learn how to create cookies and to store information on them.

Any tips about encryption?

Everything else should be instanced as per a "normal" login from then
> on. If you have session specific information, then the session has
> ended.. thus the new session will lose that information.

> However, it is possible to store the session ID in the users cookie, so
> if the session has not expired, and you override the cookie timeout, it
> would be possible for the user to return to the same session (and also
> possible to return to the same session from a different machine - so be
> warned of hijacking!)

How do I get the session id and retrieve the session using this id? in which
place do sessions dwell?

Hope this helps,
> John

Thanks a lot John and Dave!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/seaside/attachments/20070830/68cb53c4/attachment.htm

More information about the seaside mailing list