[Seaside] Moving to 2.8

John Thornborrow john at pinesoft.co.uk
Tue Jul 10 12:13:59 UTC 2007

Lukas Renggli wrote:
>> > > > In attempting to move Gjallar from 2.7 to 2.8 I am looking to 
>> find the
>> > > > equivalent of redirectWithCookie: am I missing something?
>> > >
>> > > This was a relict from the old API. It should probably be put into 
>> the
>> > > deprecated code, if it is not there.
>> >
>> > Sorry, I was talking about #heading:level:.
>> >
>> > #redirectWithCookie: is not needed anymore, I didn't consider it a
>> > public method. Have a look at WACookieSession to see how you can add a
>> > cookie.
>> IMHO WASession should offer an easy way to add a generic cookie.
> What do you need cookies for?
> Using cookies is usually a bad smell in Seaside. Cookies are just
> stupid strings.
> Lukas
I'm planning on using cookies for security reasons. It's easy for a user 
to copy and paste a URL to someone else, allowing them to effectively 
hijack their session, be it on purpose (to share a subscription service 
or similar) or by accident. It also allows for session fixation by 
someone trying to manipulate a user... "Hey, use this link! 
http://www.somesite.com/?_s=1234" user logs in, then the "attacker" can 
hijack the users session (by using the same id - 1234.)

Not so easy with Cookies.

However, I noticed a bug - but can't remember if I already mailed this 
list about it or not - it appears when using cookies for session 
variable, the #initialRequest: method is bypassed completely - it may 
not have been this method but it was one equally as important; I shall 
investigate once again when I get time to, but just incase anyone 
remembers me mailing about it before?



Pinesoft Computers are registered in England, Registered number: 2914825. Registered office: 266-268 High Street, Waltham Cross, Herts, EN8 7EA

This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com

More information about the Seaside mailing list