[Seaside] session and cookies?
leandromperez at gmail.com
Fri Aug 31 20:48:36 UTC 2007
Dave Bauer wrote:
> On OpenACS (ancient web toolkit) there is a pool of secret tokens that
> are generated by the server. These are used to digitally sign the
> values in the cookies. Note, the values are not secure unless you use
> HTTPS in this scheme. You can make a cookie "secure" and it will
> always be transmitted over HTTPS. Of course the values are on the
> computer, that's why you shouldn't put anything secret IN the cookie.
> You could also use something like ssha-1 to encode the values before
> setting the cookie.
> Here's the code where I am getting the design ideas from if you are
> interested. It is written in Tcl but should be reasonably readable.
> Good luck.
Thanks a lot Dave, I'll have a look at it asap!
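
The signed-cookie scheme described in the quoted message, sketched in Python as an added example (it is not part of either message and is not the OpenACS code). HMAC-SHA256 is used as the signature, and the cookie layout and the names TOKEN_POOL, sign_cookie and verify_cookie are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed pool of server-side secrets, keyed by token id. A real server
# would persist and rotate these; this in-memory pool is an assumption.
TOKEN_POOL = {i: secrets.token_bytes(32) for i in range(8)}


def _mac(token_id, name, value, expires):
    # Bind the cookie name and expiry into the signature so a signed value
    # cannot be replayed under another cookie name or with a later expiry.
    msg = f"{name}\n{value}\n{expires}".encode()
    digest = hmac.new(TOKEN_POOL[token_id], msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def sign_cookie(name, value, max_age=3600, now=None):
    """Return 'value|expires|token_id|signature'. The value stays readable."""
    if "|" in value or "\n" in value:
        raise ValueError("value must not contain '|' or newline")
    expires = int(now if now is not None else time.time()) + max_age
    token_id = secrets.choice(list(TOKEN_POOL))
    return f"{value}|{expires}|{token_id}|{_mac(token_id, name, value, expires)}"


def verify_cookie(name, cookie, now=None):
    """Return the value if the signature and expiry check out, else None."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    value, expires_s, token_s, sig = parts
    try:
        expires, token_id = int(expires_s), int(token_s)
    except ValueError:
        return None
    if token_id not in TOKEN_POOL:
        return None  # unknown or retired token
    expected = _mac(token_id, name, value, expires)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None  # tampered value, name, or expiry
    if expires < int(now if now is not None else time.time()):
        return None
    return value
```

The signature only detects tampering: the value travels in clear text inside the cookie, so nothing secret belongs in it, and the cookie still needs the Secure attribute and HTTPS to keep it from being captured and replayed.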