<div dir="ltr">Hi Esteban, <div><br></div><div>OK the "problem" I told you in below email is easily changing WAQueryFieldAndCookieTrackingStrategy >> sessionsSeparator </div><div>to use $& instead. </div><div><br></div><div>Now Philip answered me that in 3.1 WAHandlerTrackingStrategy is only used for session tracking, which "solves" another of my questions. </div><div><br></div><div>So... I think you are ready to take a look if you want to. </div><div><br></div><div>Feedback is welcome!<br><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Oct 3, 2015 at 1:48 PM, Mariano Martinez Peck <span dir="ltr"><<a href="mailto:marianopeck@gmail.com" target="_blank">marianopeck@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi Esteban,<div><br></div><div>OK.... I did a VERY QUICK pass on the code in order to send it. Note that it hasn't been tested much, I still have a couple of questions to solve/discuss, etc. Also, for some reason I did not have yet the time to debug, it seems that sometimes at login time, the filter tells you are forbidden (the validation failed), but then you try again and it works...should be something simple to fix. Anyway, I am attaching the code now as is if you want to take an early view. Otherwise by Monday/Thuesday I hope I could have something better. </div><div><br></div><div>Note also that this is the first time I deal with authentication, cookies, etc, so it may not be the best code ;) </div><div><br></div><div>Improvements and feedback is welcome! Please read the class comment of both classes attached. </div><div><br></div><div>Thanks,</div><div><br></div><div><br></div></div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Sat, Oct 3, 2015 at 1:17 PM, Esteban A. Maringolo <span dir="ltr"><<a href="mailto:emaringolo@gmail.com" target="_blank">emaringolo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span>2015-10-03 13:14 GMT-03:00 Esteban A. Maringolo <<a href="mailto:emaringolo@gmail.com" target="_blank">emaringolo@gmail.com</a>>:<br>
> Local storage is just a dictionary, and it will be readable by ANY<br>
> user of the browser, so it is very much like Cookies in this sense,<br>
> with the added part of requiring to recover the session token from it<br>
> before performing any HTTP request, and being recoverable not only by<br>
> your site, but with anybody<br>
> with access to the browser.<br>
<br>
</span>I meant, via XSS. Cookies and localStorage are secured by origin.<br>
<div><div>_______________________________________________<br>
seaside mailing list<br>
<a href="mailto:seaside@lists.squeakfoundation.org" target="_blank">seaside@lists.squeakfoundation.org</a><br>
<a href="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside" rel="noreferrer" target="_blank">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><span class=""><font color="#888888">-- <br><div>Mariano<br><a href="http://marianopeck.wordpress.com" target="_blank">http://marianopeck.wordpress.com</a><br></div>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Mariano<br><a href="http://marianopeck.wordpress.com" target="_blank">http://marianopeck.wordpress.com</a><br></div>
</div></div></div>