Hi there, I'm developing my first Twitter web application and I need some help, or rather some advice. After a user allows my app to access their account, they are redirected to my website. From there I generate a unique 25-char-long key. This key is stored together with the access tokens and other details related to the user (e.g. path to profile pic etc.) in a MySQL database.
I also set 2 cookies on the user's PC: one to store the access token (not the access token secret) and another one that stores the unique 25-char-long key. Plus I also set SESSIONS that store the user's Twitter ID, access token and access token secret. Is this the way you guys do it? Do I have to use an HTTPS connection for my Twitter app? Because I was wondering: what if someone is able to read the cookie values (access token and key) of a user passing over the network and then put that in his own cookie? He will be able to access someone else's account. Thank you
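A variant of the flow described in the post, as an added example that is not part of the original post: the cookie carries only the random 25-character key, marked `Secure` (sent over HTTPS only) and `HttpOnly`, while the access token and secret stay server-side. The Python language, the cookie name `app_session`, the in-memory dict standing in for the MySQL table, and the token values are assumptions made for illustration.

```python
import hashlib
import secrets
import string
from http.cookies import SimpleCookie

ALPHABET = string.ascii_letters + string.digits
KEY_LENGTH = 25              # key length used in the post
COOKIE_NAME = "app_session"  # hypothetical cookie name

# Constructed stand-in for the MySQL table: sha256(key) -> user record.
SESSIONS = {}

def _digest(key):
    # Only a hash of the key is stored, so a database leak does not yield usable cookies.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def start_session(twitter_id, access_token, access_token_secret):
    """Create a session after the OAuth callback; return (key, Set-Cookie value)."""
    # secrets draws from the OS CSPRNG, so the key cannot be predicted.
    key = "".join(secrets.choice(ALPHABET) for _ in range(KEY_LENGTH))
    SESSIONS[_digest(key)] = {
        "twitter_id": twitter_id,
        "access_token": access_token,                # never placed in a cookie
        "access_token_secret": access_token_secret,  # never placed in a cookie
    }
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = key
    morsel = cookie[COOKIE_NAME]
    morsel["secure"] = True     # browser sends it over HTTPS only
    morsel["httponly"] = True   # not readable from page scripts
    morsel["samesite"] = "Lax"  # not attached to cross-site subrequests
    morsel["path"] = "/"
    return key, morsel.OutputString()

def lookup_session(cookie_header):
    """Resolve a request's Cookie header to the stored user record, or None."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if COOKIE_NAME not in cookie:
        return None
    return SESSIONS.get(_digest(cookie[COOKIE_NAME].value))

if __name__ == "__main__":
    key, header = start_session(
        "12345", "constructed-access-token", "constructed-token-secret")
    print("Set-Cookie:", header)
    print(lookup_session(f"{COOKIE_NAME}={key}")["twitter_id"])
```
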