[Seaside] sharing sessions through links..

Dave Bauer dave.bauer at gmail.com
Tue Oct 28 18:08:17 UTC 2008


On Tue, Oct 28, 2008 at 1:57 PM, Randal L. Schwartz
<merlyn at stonehenge.com> wrote:
>>>>>> "Dave" == Dave Bauer <dave.bauer at gmail.com> writes:
>
> Dave> This can be handled with cookies by creating a random, secure key on
> Dave> the server for the session, and hashing the cookie with it, then you
> Dave> can validate the cookie with the key and invalidate the key when the
> Dave> session expires. Depends of course, on what you want to do with it.
>
> Again, way way way too much work. Please read the article. People overthink
> cookies. All you need for a cookie to do is to distinguish one browser from
> another --- that's it!!
>

I read it. It doesn't support the "keep me logged in forever" feature
that some sites use. Actually it does not support the "remember my
username" feature either. Of course, browsers do this for you, so maybe
we shouldn't support that on the server side anyway. You would have
to authenticate every time you close the browser. Otherwise it is much
simpler since it handles all the complexity on the server side. So
combining this identity cookie with URL session_id simplifies making
sure session URLs can't be reused. It also allows you to reuse the
"which browser is this cookie", if you combine it with the "this
session belongs to this browser" feature. That is, you would have to
check on the server side, which browser cookie belongs with which
sessions. Then you could start a new session in another tab.

Dave

> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
> See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
>



-- 
Dave Bauer
dave at solutiongrove.com
http://www.solutiongrove.com
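
The server-side check described in the message above (which browser cookie belongs with which URL session), as an added example that is not part of the original thread and is not Seaside code. It is written in Python for illustration; the class and method names are hypothetical.

```python
import hmac
import secrets


class SessionRegistry:
    """Server-side table binding each URL session id to one browser cookie."""

    def __init__(self):
        self._owner = {}  # session_id -> browser cookie value

    def new_browser(self):
        # Identity cookie: a random value that only tells one browser from
        # another. It carries no login state of its own.
        return secrets.token_urlsafe(32)

    def new_session(self, browser_id):
        # The session id travels in the URL; ownership stays on the server.
        # One browser may own several sessions (one per tab).
        session_id = secrets.token_urlsafe(16)
        self._owner[session_id] = browser_id
        return session_id

    def resolve(self, session_id, cookie):
        """Return session_id if the presenting browser owns it, else None."""
        owner = self._owner.get(session_id)
        if owner is None or not cookie:
            return None  # unknown or expired session, or no cookie sent
        if not hmac.compare_digest(owner, cookie):
            return None  # URL was copied into a different browser
        return session_id

    def expire(self, session_id):
        # Dropping the row invalidates the URL for every browser.
        self._owner.pop(session_id, None)


def demo():
    """Constructed scenario: one browser with two tabs, one foreign browser."""
    reg = SessionRegistry()
    owner_cookie, other_cookie = reg.new_browser(), reg.new_browser()
    tab1, tab2 = reg.new_session(owner_cookie), reg.new_session(owner_cookie)
    results = {
        "owner_tab1": reg.resolve(tab1, owner_cookie) == tab1,
        "owner_tab2": reg.resolve(tab2, owner_cookie) == tab2,
        "shared_link": reg.resolve(tab1, other_cookie),
        "no_cookie": reg.resolve(tab1, None),
    }
    reg.expire(tab1)
    results["after_expiry"] = reg.resolve(tab1, owner_cookie)
    return results
```

A request whose URL session id does not resolve for the presented cookie would be given a fresh session rather than the existing one.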

