See embedded. On Sat, Apr 21, 2012 at 10:22 PM, Ali Lown <a...@lown.me.uk> wrote:
> A notable point regarding this is that the notifier extension will > only be able to get data from /notification/ whilst the user is logged > in. > Actually it also accepts the query, index and numResults parameters - similar to /search/. i.e. /notification/?query="with:@" etc.. A difference to how GWave handled logins (namely the lack of a > save-my-credentials for x days feature) means that the user needs to > ensure they are logged in via manually visiting the page prior to the > widget being able to notify them of any new waves. > > @Yuri: > If we wanted to add the ability to 'remember me' for the logins how do > we want to ensure sessions aren't hijacked? The obvious way would be > to use a cookie with some form of unique id in, but the unique id > shouldn't be related to the user-id otherwise it could be predicted > and used to bypass authentication. > > I think the session is stored in the JSESSIONID cookie by Jetty and notifier can access it even if the tab was closed since it has access to cookies on the wiab domain that is defined in manifest.json of the chrome extension. Ali > > On 20 April 2012 16:41, Ali Lown <a...@lown.me.uk> wrote: > > Petter, > > > >> How long does a code review usually take, any ideas when one can expect > this > >> updated code in the repository? > > > > Code reviews normally take a few days to allow several people here to > > read-through the code looking for any problems/oversights of the > > original author. > > > > Once a few 'Ship It's have been received, it then takes however long > > Yuri takes to commit the code before it hits the trunk. > > > > Ali >
