Re: [Seaside] “Remember Me On This Computer” kind of feature for Seaside?
Mariano Martinez Peck
marianopeck at gmail.com
Wed Sep 23 17:45:48 UTC 2015
On Mon, Sep 21, 2015 at 11:59 AM, Sven Van Caekenberghe <sven at stfx.eu>
wrote:
>
> > On 21 Sep 2015, at 15:53, Mariano Martinez Peck <marianopeck at gmail.com>
> wrote:
> >
> > Hi guys,
> >
> > Quick question, has anyone ever implemented a kind of “Remember Me On
> This Computer” feature in Seaside? If so, any guidelines or code share? :)
>
> I guess it is normally implemented by storing a cookie, when you see the
> cookie back, you allow a login without further questions. That is a
> dangerous feature ;-)
>
> I have it implemented, using tokens limited to a week or two, and with
> cookies limited to the current browser session (i.e. they are not
> persisted). I needed this to recover automagically from expired sessions.
> But then you need to implement annotated URLs too (at least some else you
> end up at the homepage all the time).
>
Hi Sven, but where are the tokes persisted in client side?
In my case, using the plain strategy of cookies is too insecure. I was
taking a look to this articule which seems much better:
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2
But don't know how hard would be to implement that in Pharo/Seaside.
Thoughts?
> Most browsers remember and autofill username/password fields, it works for
> my Seaside apps. That should be enough and is much safer.
>
> HTH,
>
> Sven
>
> > Thanks in advance,
> >
> > --
> > Mariano
> > http://marianopeck.wordpress.com
> > _______________________________________________
> > seaside mailing list
> > seaside at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>
--
Mariano
http://marianopeck.wordpress.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/seaside/attachments/20150923/d5164133/attachment.htm
More information about the seaside
mailing list