[Seaside] Moving to 2.8
John Thornborrow
john at pinesoft.co.uk
Tue Jul 10 12:13:59 UTC 2007
Lukas Renggli wrote:
>> > > > In attempting to move Gjallar from 2.7 to 2.8 I am looking to find the
>> > > > equivalent of redirectWithCookie: am I missing something?
>> > >
>> > > This was a relic from the old API. It should probably be put into the
>> > > deprecated code, if it is not there.
>> >
>> > Sorry, I was talking about #heading:level:.
>> >
>> > #redirectWithCookie: is not needed anymore, I didn't consider it a
>> > public method. Have a look at WACookieSession to see how you can add a
>> > cookie.
>>
>> IMHO WASession should offer an easy way to add a generic cookie.
>
> What do you need cookies for?
>
> Using cookies is usually a bad smell in Seaside. Cookies are just
> stupid strings.
>
> Lukas
>
I'm planning on using cookies for security reasons. It's easy for a user
to copy and paste a URL to someone else, allowing them to effectively
hijack their session, be it on purpose (to share a subscription service
or similar) or by accident. It also allows for session fixation by
someone trying to manipulate a user... "Hey, use this link!
http://www.somesite.com/?_s=1234" user logs in, then the "attacker" can
hijack the user's session (by using the same id - 1234.)
Not so easy with Cookies.
However, I noticed a bug - but can't remember if I already mailed this
list about it or not - it appears when using cookies for session
variable, the #initialRequest: method is bypassed completely - it may
not have been this method but it was one equally as important; I shall
investigate once again when I get time to, but just in case anyone
remembers me mailing about it before?
John
www.pinesoft.co.uk
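
The two cases described in the message above (a link handed out before login, and a URL pasted to someone else after login), as an added example that is not part of the original message and is not Seaside code. It is a toy Python session table; the class, function and user names are hypothetical, and it compares a session identified by the URL key alone with one that also requires a matching cookie.

```python
import secrets

class Sessions:
    """Toy server-side session table (hypothetical, not Seaside's API)."""

    def __init__(self, bind_cookie):
        self.bind_cookie = bind_cookie   # True: URL key must come with its cookie
        self.table = {}                  # URL key (_s) -> {"user", "cookie"}

    def visit(self, key=None, cookie=None):
        """Handle one request; return the (key, cookie, session) actually used."""
        s = self.table.get(key)
        ok = s is not None and (
            not self.bind_cookie
            or (cookie is not None and secrets.compare_digest(s["cookie"], cookie))
        )
        if not ok:
            # Unknown key, or key without its cookie: never adopt it,
            # start a fresh anonymous session instead.
            key, cookie = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
            s = self.table[key] = {"user": None, "cookie": cookie}
        return key, cookie, s

def fixation(bind_cookie):
    """Link handed out before login. Returns the user the link's sender is seen as."""
    srv = Sessions(bind_cookie)
    a_key, a_cookie, _ = srv.visit()          # sender obtains a session key
    _, _, victim = srv.visit(key=a_key)       # recipient follows the link, no cookie
    victim["user"] = "alice"                  # recipient logs in (constructed name)
    return srv.visit(a_key, a_cookie)[2]["user"]

def shared_url(bind_cookie):
    """URL pasted after login. Returns the user the second browser is seen as."""
    srv = Sessions(bind_cookie)
    key, _, s = srv.visit()
    s["user"] = "alice"
    return srv.visit(key=key)[2]["user"]      # second browser has the key only

if __name__ == "__main__":
    for bound in (False, True):
        print("cookie-bound" if bound else "URL key only",
              "| fixation ->", fixation(bound),
              "| shared URL ->", shared_url(bound))
```
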