[Seaside] "Remember me" in Seaside
Esteban A. Maringolo
emaringolo at gmail.com
Tue Mar 11 19:03:16 UTC 2014
But what if I spoof the cookie with a particular username?
There should be a server side session whitelist, and a shared token.
Shouldn't it?
Regards!
Esteban A. Maringolo
2014-03-11 8:10 GMT-03:00 Sven Van Caekenberghe <sven at stfx.eu>:
> I do it with my own cookie, very easy to do:
>
> "before showing the username"
>
> (self requestContext request cookieAt: self loginUsernameCookieKey)
> ifNotNil: [ :cookie | username := cookie value ]
>
> "after a successful login"
>
> self requestContext response addCookie: self loginUsernameCookie.
>
> where
>
> loginUsernameCookie
> ^ self requestContext newCookie
> key: self loginUsernameCookieKey;
> value: self username;
> expireIn: 1 year;
> yourself
>
> HTH,
>
> Sven
>
> On 11 Mar 2014, at 09:39, Torsten Bergmann <astares at gmx.de> wrote:
>
>> Any code to share for a "remember me" functionality on logins?
>> Is there a common pattern on how to do it?
>>
>> Thx
>> T.
>> _______________________________________________
>> seaside mailing list
>> seaside at lists.squeakfoundation.org
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
More information about the seaside
mailing list