[Seaside] Session tracking without URL field yet supporting "multi session"

Mariano Martinez Peck marianopeck at gmail.com
Mon Oct 5 13:28:34 UTC 2015


Hi Esteban,

OK, the "problem" I told you about in the email below is easily solved by changing
WAQueryFieldAndCookieTrackingStrategy >> sessionsSeparator
to use $& instead.

Now Philip answered me that in 3.1 WAHandlerTrackingStrategy is only used
for session tracking, which "solves" another of my questions.

So... I think you are ready to take a look if you want to.

Feedback is welcome!

On Sat, Oct 3, 2015 at 1:48 PM, Mariano Martinez Peck <marianopeck at gmail.com> wrote:

> Hi Esteban,
>
> OK.... I did a VERY QUICK pass on the code in order to send it. Note that
> it hasn't been tested much, I still have a couple of questions to
> solve/discuss, etc. Also, for some reason I have not yet had the time to
> debug, it seems that sometimes at login time, the filter tells you that you are
> forbidden (the validation failed), but then you try again and it
> works... should be something simple to fix. Anyway, I am attaching the code
> now as is if you want to take an early view. Otherwise by Monday/Tuesday I
> hope I could have something better.
>
> Note also that this is the first time I deal with authentication, cookies,
> etc, so it may not be the best code ;)
>
> Improvements and feedback are welcome! Please read the class comment of
> both classes attached.
>
> Thanks,
>
>
>
> On Sat, Oct 3, 2015 at 1:17 PM, Esteban A. Maringolo <emaringolo at gmail.com> wrote:
>
>> 2015-10-03 13:14 GMT-03:00 Esteban A. Maringolo <emaringolo at gmail.com>:
>> > Local storage is just a dictionary, and it will be readable by ANY
>> > user of the browser, so it is very much like Cookies in this sense,
>> > with the added part of requiring to recover the session token from it
>> > before performing any HTTP request, and being recoverable not only by
>> > your site, but by anybody with access to the browser.
>>
>> I meant, via XSS. Cookies and localStorage are secured by origin.
>
>
>
> --
> Mariano
> http://marianopeck.wordpress.com
>



-- 
Mariano
http://marianopeck.wordpress.com