[Seaside] session and cookies?

Dave Bauer dave at thedesignexperience.org
Thu Aug 30 18:00:03 UTC 2007


> I'll have to learn how to create cookies and to store information on them.
>
> Any tips about encryption?

On OpenACS (ancient web toolkit) there is a pool of secret tokens that
are generated by the server. These are used to digitally sign the
values in the cookies. Note, the values are not secure unless you use
HTTPS in this scheme. You can make a cookie "secure" and it will
always be transmitted over HTTPS. Of course the values are on the
computer, that's why you shouldn't put anything secret IN the cookie.
You could also use something like ssha-1 to encode the values before
setting the cookie.

Here's the code where I am getting the design ideas from if you are
interested. It is written in Tcl but should be reasonably readable.

http://cvs.openacs.org/cvs/openacs-4/packages/acs-tcl/tcl/security-procs.tcl?rev=1.44&view=markup

Good luck.

-- 
Dave Bauer
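
The scheme described in the message above (a server-side pool of secret tokens used to sign cookie values), as an added example that is not part of the original post and is not OpenACS code. HMAC-SHA256, the `value|expires|token_id|mac` layout, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed pool of server-side secrets keyed by token id (assumption:
# generated at startup here; a real server would persist and rotate them).
TOKEN_POOL = {i: secrets.token_bytes(32) for i in range(1, 5)}


def _mac(token_id, value, expires):
    # Fixed-format integer fields come first so a '|' in value cannot shift them.
    msg = f"{token_id}|{expires}|{value}".encode()
    return hmac.new(TOKEN_POOL[token_id], msg, hashlib.sha256).hexdigest()


def sign_cookie(value, ttl=3600, now=None):
    """Return 'value|expires|token_id|mac' signed with a random pool secret."""
    now = int(time.time() if now is None else now)
    token_id = secrets.choice(list(TOKEN_POOL))
    expires = now + ttl
    return f"{value}|{expires}|{token_id}|{_mac(token_id, value, expires)}"


def verify_cookie(cookie, now=None):
    """Return the signed value, or None if forged, malformed or expired."""
    now = int(time.time() if now is None else now)
    try:
        value, expires, token_id, mac = cookie.rsplit("|", 3)
        expires, token_id = int(expires), int(token_id)
        presented = mac.encode()
    except ValueError:
        return None
    if token_id not in TOKEN_POOL:
        return None  # secret rotated out of the pool, or the id was forged
    expected = _mac(token_id, value, expires).encode()
    if not hmac.compare_digest(presented, expected):  # constant-time compare
        return None
    return value if now < expires else None


def set_cookie_header(name, value):
    # Secure keeps the cookie off plain HTTP. The value is signed, not
    # encrypted, so it is still readable on the client.
    # Assumption: value contains only cookie-safe characters.
    return f"Set-Cookie: {name}={sign_cookie(value)}; Secure; HttpOnly; Path=/"
```

The signature only detects tampering; anything placed in the value remains visible to the client, which is why the message advises keeping secrets out of the cookie.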

