[Seaside] session and cookies?

Leandro Perez leandromperez at gmail.com
Fri Aug 31 20:48:36 UTC 2007


Dave Bauer wrote:
>
> On OpenACS (ancient web toolkit) there is a pool of secret tokens that
> are generated by the server. These are used to digitally sign the
> values in the cookies. Note, the values are not secure unless you use
> HTTPS in this scheme. You can make a cookie "secure" and it will
> always be transmitted over HTTPS. Of course the values are on the
> computer, that's why you shouldn't put anything secret IN the cookie.
> You could also use something like ssha-1 to encode the values before
> setting the cookie.
>
> Here's the code where I am getting the design ideas from if you are
> interested. It is written in Tcl but should be reasonably readable.
>
>
> http://cvs.openacs.org/cvs/openacs-4/packages/acs-tcl/tcl/security-procs.tcl?rev=1.44&view=markup
>
> Good luck.


Thanks a lot Dave, I'll have a look at it asap!
Leandro
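
The signed-cookie scheme described in the quoted message (a server-side pool of secret tokens used to sign cookie values), sketched in Python as an added example; it is not OpenACS or Seaside code and is not part of either message. HMAC-SHA256, the `payload.token_id.mac` layout and every name below are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed pool of server-side secret tokens, keyed by token id (assumption:
# a real server would generate these once and persist them between restarts).
TOKEN_POOL = {i: secrets.token_bytes(32) for i in range(4)}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _mac(token_id: int, name: str, payload: str) -> str:
    # Bind the cookie name and token id into the MAC so a signed value cannot
    # be replayed under a different cookie name.
    msg = f"{token_id}|{name}|{payload}".encode("utf-8")
    return _b64(hmac.new(TOKEN_POOL[token_id], msg, hashlib.sha256).digest())


def sign_cookie(name: str, value: str) -> str:
    """Return 'payload.token_id.mac', signed with a randomly chosen pool token."""
    token_id = secrets.choice(list(TOKEN_POOL))
    payload = _b64(value.encode("utf-8"))
    return f"{payload}.{token_id}.{_mac(token_id, name, payload)}"


def verify_cookie(name: str, cookie: str):
    """Return the original value, or None if the cookie is malformed or altered."""
    parts = cookie.split(".")
    if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
        return None
    payload, token_id, mac = parts[0], int(parts[1]), parts[2]
    if token_id not in TOKEN_POOL:
        return None
    expected = _mac(token_id, name, payload)
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return None
    return base64.urlsafe_b64decode(payload).decode("utf-8")


def set_cookie_header(name: str, value: str) -> str:
    # Secure keeps the cookie off plain HTTP. The value is signed, not
    # encrypted: it stays readable on the client, so it must hold no secrets.
    return f"Set-Cookie: {name}={sign_cookie(name, value)}; Secure; HttpOnly; Path=/"
```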