So I need to "encrypt" the user ID in some way? What I need is to associate
the user ID with a random number and store the association in a table?


On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hessel...@gmail.com> wrote:

> Note that cookies are not the solution here. Cookies are just as user
> controlled as the url, just less visible. What you need is a session
> id: a mapping from a non-consecutive, non-guessable, secret token to
> the user id (which is sequential and thus guessable, and often exposed
> in urls etc.). It doesn't matter if you then store it in the url or a
> cookie. Cookies are just more convenient.
>
> Erik
>
> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
> <corentin.dup...@gmail.com> wrote:
> > Yes, having a cookie to keep track of the session is something I plan to do.
> >
> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauh...@gmail.com>
> > wrote:
> >>
> >> The user id is not necessarily the problem, but rather that you can
> >> pose as another user. For this, one solution is to keep track of a
> >> unique (changing) user token in the cookies and use that for verifying
> >> the user.
> >>
> >> --
> >> Mats Rauhala
> >> MasseR
> >>
> >>
> >>
> >> _______________________________________________
> >> Haskell-Cafe mailing list
> >> Haskell-Cafe@haskell.org
> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
> >>
>
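
The session-id mapping Erik describes, combined with the changing token Mats suggests, as an added example that is not part of the original thread. It is sketched in Python; `SessionStore`, `SESSION_TTL` and the in-memory table are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; assumed lifetime, choose to suit the application


class SessionStore:
    """Maps secret random tokens to user ids (in-memory table for the demo)."""

    def __init__(self, now=time.time):
        self._now = now    # injectable clock so expiry can be exercised
        self._table = {}   # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def create(self, user_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._table[self._key(token)] = (user_id, self._now() + SESSION_TTL)
        return token                       # this value goes in the cookie or URL

    def lookup(self, token):
        """Return the user id for a valid, unexpired token, else None."""
        entry = self._table.get(self._key(token))
        if entry is None:
            return None                    # unknown or guessed token
        user_id, expires_at = entry
        if self._now() >= expires_at:
            self.revoke(token)             # expired: drop the row
            return None
        return user_id

    def rotate(self, token):
        """Swap a valid token for a fresh one; the old one stops working."""
        user_id = self.lookup(token)
        if user_id is None:
            return None
        self.revoke(token)
        return self.create(user_id)

    def revoke(self, token):
        self._table.pop(self._key(token), None)
```

The sequential user id never leaves the server; the client only ever holds the random token, whether it travels in a cookie or in the URL.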