[Seaside] Adding domain to a cookie

Boris Popov boris at deepcovelabs.com
Wed Dec 6 20:15:06 UTC 2006 

Try to visit the site with browser that has cookies disabled, you'll end
up in an endless loop of redirects. In all honestly, maybe I should have
spent some time and devised a fallback plan for when it happens to
switch that session to URL tracking, but haven't done it yet and
probably won't for a while :)

Cheers,

-Boris

-- 
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5

boris at deepcovelabs.com

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message
header. Unless otherwise indicated, it contains information that is
private and confidential. If you have received it in error, please
notify the sender and delete the entire message including any
attachments.

Thank you.

-----Original Message-----
From: seaside-bounces at lists.squeakfoundation.org
[mailto:seaside-bounces at lists.squeakfoundation.org] On Behalf Of Avi
Bryant
Sent: Wednesday, December 06, 2006 12:07 PM
To: The Squeak Enterprise Aubergines Server - general discussion.
Subject: Re: RE: RE: [Seaside] Adding domain to a cookie

On 12/6/06, Boris Popov <boris at deepcovelabs.com> wrote:
> Well, cookies (if they worked properly) would be great for session
> tracking, because without them one could copy the URL and paste it on
> another machine to keep on working, which is a bit of a security risk,
> for instance I can use my cell phone camera to take a pic of someone's
> desktop, and type the same URL in my browser. I use session protector
> for our app, but it's a tad useless in today's world full of networks
> NAT'ed behind a single IP.
>
> No?

Indeed.  There's an option (#useSessionCookie) to store the session ID
in a cookie.  Another advantage of this is that if the user closes
their browser window and then comes back to the app later just by
typing in the URL, they will get put back into their old session if it
hasn't expired.  The main disadvantage is that you can't have two
sessions on the same app from the same browser (it really annoys me
that I can't have two different gmail accounts open, for example).

Avi
_______________________________________________
Seaside mailing list
Seaside at lists.squeakfoundation.org
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

More information about the Seaside mailing list