[Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules
Corentin Dupont
corentin.dupont at gmail.com
Wed Feb 27 22:43:55 CET 2013
Thanks Ozgun,
but I'm using Happstack: this will be compatible?
On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman <ozataman at gmail.com> wrote:
> I would encourage you to take a look at the snap (the web framework)
> package, where this concern is handled for you as part of the "session"
> snaplet.
>
> The Snap.Snaplet.Session<http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session.html> module
> and the Snap.Snaplet.Session.Backends.CookieSession<http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session-Backends-CookieSession.html> ensure
> that contents of the cookie-persistent sessions are encrypted and so you
> can place anything from user ids to other secret information there,
> although I would certainly keep it to a minimum for size concerns.
>
> Here it is: http://hackage.haskell.org/package/snap
>
> Hope this helps,
> Oz
>
>
> On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> So I need to "encrypt" the user ID in some way? What I need is to
>> associate the user ID to a random number and store the association is a
>> table?
>>
>>
>> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink at gmail.com>wrote:
>>
>>> Note that cookies are not the solution here. Cookies are just as user
>>> controlled as the url, just less visible. What you need is a session
>>> id: a mapping from a non-consecutive, non-guessable, secret token to
>>> the user id (which is sequential and thus guessable, and often exposed
>>> in urls etc.). It doesn't matter if you then store it in the url or a
>>> cookie. Cookies are just more convenient.
>>>
>>> Erik
>>>
>>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>> <corentin.dupont at gmail.com> wrote:
>>> > Yes, having a cookie to keep track of the session if something I plan
>>> to do.
>>> >
>>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala at gmail.com>
>>> > wrote:
>>> >>
>>> >> The user id is not necessarily the problem, but rather that you can
>>> >> impose as another user. For this, one solution is to keep track of a
>>> >> unique (changing) user token in the cookies and use that for verifying
>>> >> the user.
>>> >>
>>> >> --
>>> >> Mats Rauhala
>>> >> MasseR
>>> >>
>>> >> -----BEGIN PGP SIGNATURE-----
>>> >> Version: GnuPG v1.4.10 (GNU/Linux)
>>> >>
>>> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>>> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>>> >> =tf0d
>>> >> -----END PGP SIGNATURE-----
>>> >>
>>> >>
>>> >> _______________________________________________
>>> >> Haskell-Cafe mailing list
>>> >> Haskell-Cafe at haskell.org
>>> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >>
>>> >
>>> >
>>> > _______________________________________________
>>> > Haskell-Cafe mailing list
>>> > Haskell-Cafe at haskell.org
>>> > http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >
>>>
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe at haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20130227/b2523a0a/attachment.htm>
More information about the Haskell-Cafe
mailing list