<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Sep 21, 2015 at 11:59 AM, Sven Van Caekenberghe <span dir="ltr"><<a href="mailto:sven@stfx.eu" target="_blank">sven@stfx.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class=""><br>
> On 21 Sep 2015, at 15:53, Mariano Martinez Peck <<a href="mailto:marianopeck@gmail.com">marianopeck@gmail.com</a>> wrote:<br>
><br>
> Hi guys,<br>
><br>
> Quick question, has anyone ever implemented a kind of “Remember Me On This Computer” feature in Seaside? If so, any guidelines or code share? :)<br>
<br>
</span>I guess it is normally implemented by storing a cookie, when you see the cookie back, you allow a login without further questions. That is a dangerous feature ;-)<br>
<br>
I have it implemented, using tokens limited to a week or two, and with cookies limited to the current browser session (i.e. they are not persisted). I needed this to recover automagically from expired sessions. But then you need to implement annotated URLs too (at least some else you end up at the homepage all the time).<br></blockquote><div><br></div><div>Hi Sven, but where are the tokes persisted in client side?</div><div> </div><div>In my case, using the plain strategy of cookies is too insecure. I was taking a look to this articule which seems much better:</div><div><a href="https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2">https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2</a><br></div><div><br></div><div>But don't know how hard would be to implement that in Pharo/Seaside.</div><div><br></div><div>Thoughts?</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Most browsers remember and autofill username/password fields, it works for my Seaside apps. That should be enough and is much safer.<br>
<br>
HTH,<br>
<br>
Sven<br>
<span class="im"><br>
> Thanks in advance,<br>
><br>
> --<br>
> Mariano<br>
> <a href="http://marianopeck.wordpress.com" rel="noreferrer" target="_blank">http://marianopeck.wordpress.com</a><br>
</span><div class=""><div class="h5">> _______________________________________________<br>
> seaside mailing list<br>
> <a href="mailto:seaside@lists.squeakfoundation.org">seaside@lists.squeakfoundation.org</a><br>
> <a href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside" rel="noreferrer" target="_blank">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a><br>
<br>
_______________________________________________<br>
seaside mailing list<br>
<a href="mailto:seaside@lists.squeakfoundation.org">seaside@lists.squeakfoundation.org</a><br>
<a href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside" rel="noreferrer" target="_blank">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Mariano<br><a href="http://marianopeck.wordpress.com" target="_blank">http://marianopeck.wordpress.com</a><br></div>
</div></div>