[Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules

Corentin Dupont corentin.dupont at gmail.com
Wed Feb 27 20:08:12 CET 2013


So I need to "encrypt" the user ID in some way? What I need is to associate
the user ID to a random number and store the association is a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink at gmail.com> wrote:

> Note that cookies are not the solution here. Cookies are just as user
> controlled as the url, just less visible. What you need is a session
> id: a mapping from a non-consecutive, non-guessable, secret token to
> the user id (which is sequential and thus guessable, and often exposed
> in urls etc.). It doesn't matter if you then store it in the url or a
> cookie. Cookies are just more convenient.
>
> Erik
>
> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
> <corentin.dupont at gmail.com> wrote:
> > Yes, having a cookie to keep track of the session if something I plan to
> do.
> >
> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala at gmail.com>
> > wrote:
> >>
> >> The user id is not necessarily the problem, but rather that you can
> >> impose as another user. For this, one solution is to keep track of a
> >> unique (changing) user token in the cookies and use that for verifying
> >> the user.
> >>
> >> --
> >> Mats Rauhala
> >> MasseR
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.10 (GNU/Linux)
> >>
> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
> >> =tf0d
> >> -----END PGP SIGNATURE-----
> >>
> >>
> >> _______________________________________________
> >> Haskell-Cafe mailing list
> >> Haskell-Cafe at haskell.org
> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
> >>
> >
> >
> > _______________________________________________
> > Haskell-Cafe mailing list
> > Haskell-Cafe at haskell.org
> > http://www.haskell.org/mailman/listinfo/haskell-cafe
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20130227/311e9614/attachment.htm>


More information about the Haskell-Cafe mailing list