[Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Erik Hesselink hesselink at gmail.com
Wed Feb 27 15:52:50 CET 2013


Note that cookies are not the solution here. Cookies are just as user
controlled as the url, just less visible. What you need is a session
id: a mapping from a non-consecutive, non-guessable, secret token to
the user id (which is sequential and thus guessable, and often exposed
in urls etc.). It doesn't matter if you then store it in the url or a
cookie. Cookies are just more convenient.

Erik

On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
<corentin.dupont at gmail.com> wrote:
> Yes, having a cookie to keep track of the session is something I plan to do.
>
> On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala at gmail.com>
> wrote:
>>
>> The user id is not necessarily the problem, but rather that you can
>> impose as another user. For this, one solution is to keep track of a
>> unique (changing) user token in the cookies and use that for verifying
>> the user.
>>
>> --
>> Mats Rauhala
>> MasseR
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe at haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>


