oh, but this would raise other questions :-)
e.g. how can I setup https with tomcat/wicket? Or do I need to setup
this with apache only?
Regards,
Peter.
you can mark the cookie as secure so it will only be transferred over https.
-igor
On Sat, Dec 4, 2010 at 12:56 PM, Peter Karich wrote:
you can mark the cookie as secure so it will only be transferred over https.
-igor
On Sat, Dec 4, 2010 at 12:56 PM, Peter Karich wrote:
> Hi Igor!
>
> thanks! I will try it out. (I also think token is url safe)
>
> BTW: I meant, there is also 'token_secure', not only 'token' in twitter's
> oAut
Hi Igor!
thanks! I will try it out. (I also think token is url safe)
BTW: I meant, there is also 'token_secure', not only 'token' in
twitter's oAuth (+ the app credentials).
So a hacker cannot easily guess the 'token' for the user and get a fake
login via modifying its cookie.
like it would
not sure, but i would think it would be ok. i think the token should
already be url safe, but once again - not sure.
-igor
On Sat, Dec 4, 2010 at 12:38 PM, Peter Karich wrote:
> Igor,
>
> there is token_secure. So storing it in clean text should be ok, right?
> Or do I need to encrypt (or at le
Igor,
there is token_secure. So storing it in clean text should be ok, right?
Or do I need to encrypt (or at leat base64ing) it?
Regards,
Peter.
store the token in a cookie and attempt to auto-reologin user based on it?
-igor
On Sat, Dec 4, 2010 at 11:51 AM, Peter Karich wrote:
Hi,
do
store the token in a cookie and attempt to auto-reologin user based on it?
-igor
On Sat, Dec 4, 2010 at 11:51 AM, Peter Karich wrote:
> Hi,
>
> do you know of any examples for wicket which uses twitter's oAuth?
> In my app I can easily login and use the twitter api,
> but I'm kind of stuck how