On Fri, Oct 22, 2010 at 12:34 PM, Tres Seaver wrote:
> The obvious issue with a beyond-this-session auth cookie is that it
> enables anybody who can run that browser / profile to authenticate as
> the user being persisted. I would consider this an unacceptable risk
> for any site where the auth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/21/2010 06:28 PM, Brian Sullivan wrote:
> Can I persist the password using CookieCrumbler (in addition to the
> user name)? Has anybody made this modification and can supply the
> modified product or code. I made a stab at it but obviously my lev
Thanks -- will have a look.
On Fri, Oct 22, 2010 at 3:43 AM, Peter Bengtsson wrote:
> I wrote something a long time ago which did this. Download
> http://www.issuetrackerproduct.com/Download#CookieCrumblerIssueTrackerProduct
> And read some of the source> I think what you have to do is override
>
I wrote something a long time ago which did this. Download
http://www.issuetrackerproduct.com/Download#CookieCrumblerIssueTrackerProduct
And read some of the source> I think what you have to do is override
its setAuthCookie method somehow and there you can set 'expires' to be
a date far in the futu