Hi Jeromy,
Thanks for the comments.
I'm trying to steer away from javascript for the solution in order to
maximise browser compatibility (this app may be used on older mobile
phones).
I'm hoping that AES encryption isn't cracked ;), and by the inclusion of
some random noise in the propertie
Al Sutton wrote:
Dave,
I completely agree it's a great idea and useful thing to do, but the
problem is what to put into the cookie and how to map it to the user.
My current favourite is encrypt the properties you want to store
(using AES for speed and JCE support), then decrypt and inject
ll probably use something like
that for our new projects.
Dave
--- On Thu, 6/26/08, Al Sutton <[EMAIL PROTECTED]> wrote:
From: Al Sutton <[EMAIL PROTECTED]>
Subject: Re: [s2] Whats the most strutsy way of doing
To: "Struts Users Mailing List"
Date: Thursday, June 2
The key(s) can be a single key per day/week/month. The date of the
cookie generation can be included and the relevant key looked up.
The problem with MD5 is it's one way so I'd have to have either a search
and match algorithm, or a database of MD5ed text to user mappings. With
AES I can extrac
It's going to be a problem with whatever method is used. Even if there
is a server side IP address record for each cookie you still have the
problem of cookies stolen and used at the same location :(.
Unless you have an idea you wish to share? :).
Al.
Musachy Barroso wrote:
Be aware of cook
D]>
> Subject: Re: [s2] Whats the most strutsy way of doing
> To: "Struts Users Mailing List"
> Date: Thursday, June 26, 2008, 10:32 AM
> I was thinking more along the lines of encrypting the userId
> and
> password hash using AES, store the value in the coo
Hi,
2008/6/26 Al Sutton <[EMAIL PROTECTED]>:
> I was thinking more along the lines of encrypting the userId and password
> hash using AES, store the value in the cookie, then if the cookie is
> available during another session decrypt, check everything matches, and let
> them back in.
But you wil
Be aware of cookie stealing.
musachy
On Thu, Jun 26, 2008 at 10:32 AM, Al Sutton <[EMAIL PROTECTED]> wrote:
> I was thinking more along the lines of encrypting the userId and password
> hash using AES, store the value in the cookie, then if the cookie is
> available during another session decrypt
I was thinking more along the lines of encrypting the userId and
password hash using AES, store the value in the cookie, then if the
cookie is available during another session decrypt, check everything
matches, and let them back in.
That way it avoids trying to maintain sync between the user a
I think there isn't any solution in Struts2, so then, implement that
with cookies and save such cookie also on the server side in db, you
can also allow such thing for selected users, etc.
Regards
--
Lukasz
http://www.lenart.org.pl/
--
... and, with dependencies, it comes to over 1MB in size, which for me
is too much bloat just for one small feature.
If needs be I'll do something with crypto & a cookie which will fit into
a few K, I just wondered if there was an easier method.
Lukasz Lenart wrote:
2008/6/26 Al Sutton <[EMA
2008/6/26 Al Sutton <[EMAIL PROTECTED]>:
> Acegi is a bit of overkill for what I need. It's a simple app, so I'm
> looking for a simple struts based solution or failing that someone to say it
> can't be done :(.
But it's widely used and you can find a lot of examples, and the most
important, someone w
Acegi is a bit of overkill for what I need. It's a simple app, so I'm
looking for a simple struts based solution or failing that someone to
say it can't be done :(.
Al.
Lukasz Lenart wrote:
Hi
2008/6/26 Al Sutton <[EMAIL PROTECTED]>:
... a remember me tick box on a login page?
If the us
t; wrote:
> From: Al Sutton <[EMAIL PROTECTED]>
> Subject: [s2] Whats the most strutsy way of doing
> To: "Struts Users Mailing List"
> Date: Thursday, June 26, 2008, 8:19 AM
> ... a remember me tick box on a login page?
>
> If the user ticks the box they'
Hi
2008/6/26 Al Sutton <[EMAIL PROTECTED]>:
> ... a remember me tick box on a login page?
>
> If the user ticks the box they don't have to log in again if they visit
> the site again, if they don't click it the login times out in the same
> manner as a normal session.
>
> Remember; I'm ideally
Hi Al,
use cookie?
But it's working only within one user browser at a time.
Best greetings,
Paweł Wielgus
On 26/06/2008, Al Sutton <[EMAIL PROTECTED]> wrote:
> ... a remember me tick box on a login page?
>
> If the user ticks the box they don't have to log in again if they visit
> the site ag
... a remember me tick box on a login page?
If the user ticks the box they don't have to log in again if they
visit the site again, if they don't click it the login times out in the
same manner as a normal session.
Remember; I'm ideally looking for a method that stays within the
framework