[Seaside] sharing sessions through links..

Dave Bauer dave.bauer at gmail.com
Tue Oct 28 17:54:23 UTC 2008

On Tue, Oct 28, 2008 at 1:32 PM, Randal L. Schwartz
<merlyn at stonehenge.com> wrote:

> No, you don't need two cookies --- you need only one cookie, as I demonstrated
> my magazine article
> (http://www.stonehenge.com/merlyn/WebTechniques/col61.html). You can't count
> on a cookie going away as a means of timing out of session, since the browser
> can do whatever it wants and client-side software can lie.

This can be handled with cookies by creating a random, secure key on
the server for the session, and hashing the cookie with it, then you
can validate the cookie with the key and invalidate the key when the
session expires. Depends of course, on what you want to do with it.

Dave Bauer
dave at solutiongrove.com

More information about the seaside mailing list