I am familiar with that extension, having forked it after the original
developer abandoned the project.  It was created before the Gwave data API
existed, so I am pretty sure it required the user to be logged in.  I think
the “proper” way to create a wave notifier extension (and the way Google
made its extension) is using the data API.

—Zachary “Gamer_Z.” Yaro


On Sat, Apr 21, 2012 at 17:03, Yuri Z <vega...@gmail.com> wrote:

> Yep. Do you think it wasn't the case for Google Wave Notifier?
>
> On Sat, Apr 21, 2012 at 11:05 PM, Ali Lown <a...@lown.me.uk> wrote:
>
> > >> @Yuri:
> > >> If we wanted to add the ability to 'remember me' for the logins how do
> > >> we want to ensure sessions aren't hijacked? The obvious way would be
> > >> to use a cookie with some form of unique id in, but the unique id
> > >> shouldn't be related to the user-id otherwise it could be predicted
> > >> and used to bypass authentication.
> > >>
> > > I think the session is stored in the JSESSIONID cookie by Jetty and
> > > notifier can access it even if the tab was closed since it has access to
> > > cookies on the wiab domain that is defined in manifest.json of the
> > > chrome extension.
> >
> > Yes, but this still relies on the user having logged in within the
> > current browser session (closing and reopening the browser invalidates
> > the session ATM).
> >
>
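
The "remember me" requirement raised in the quoted thread (a cookie id that is unrelated to the user id and cannot be predicted), sketched as an added example that is not code from any of the messages or from the wiab code base. The class name `RememberMeTokens`, the 14-day lifetime and the sample address are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical remember-me store: random tokens, only their hashes kept server-side. */
public class RememberMeTokens {
  private static final SecureRandom RNG = new SecureRandom();
  private static final long TTL_MS = 14L * 24 * 60 * 60 * 1000; // assumed lifetime

  private static final class Entry {
    final String userId;
    final long expiresAt;
    Entry(String userId, long expiresAt) { this.userId = userId; this.expiresAt = expiresAt; }
  }

  // Keyed by SHA-256 of the token, so a leaked table cannot be replayed as cookies.
  private final Map<String, Entry> byHash = new ConcurrentHashMap<>();

  /** Returns the cookie value: 256 random bits, derived from nothing about the user. */
  public String issue(String userId) {
    byte[] raw = new byte[32];
    RNG.nextBytes(raw);
    String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    byHash.put(hash(token), new Entry(userId, System.currentTimeMillis() + TTL_MS));
    return token; // send with the HttpOnly and Secure cookie attributes
  }

  /** Single use: consumes the token and returns the user id, or null if unknown/expired. */
  public String redeem(String token) {
    if (token == null) return null;
    Entry e = byHash.remove(hash(token));
    if (e == null || e.expiresAt < System.currentTimeMillis()) return null;
    return e.userId; // caller starts a session and issues a fresh token
  }

  private static String hash(String token) {
    try {
      MessageDigest md = MessageDigest.getInstance("SHA-256");
      return Base64.getEncoder().encodeToString(md.digest(token.getBytes(StandardCharsets.UTF_8)));
    } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
  }

  public static void main(String[] args) {
    RememberMeTokens store = new RememberMeTokens();
    String cookie = store.issue("alice@example.com"); // constructed sample user
    System.out.println(store.redeem(cookie));              // valid token
    System.out.println(store.redeem(cookie));              // replay of a consumed token
    System.out.println(store.redeem("alice@example.com")); // guess based on the user id
  }
}
```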
