Hey Matthew, 2011/6/23 Matthew Sherborne <[email protected]>: > httpOnly looks very good too. I'll add it to that patch later tonight > and repost.
Great! I am not sure if that one even needs to be an option. We have no need for reading the cookie from JavaScript and it's only a risk to allow it. > With my current app, I'm writing my own logged in user session > manager, which uses custom cookies (per your suggestion) and lives > longer than witty sessions. > > In the future, I'd like to see Witty sessions not die when using html5 > history and people typing straight in the address bar. Do you think > that's a possibility ? The question there is if it possible to distinguish between the user opening a new window with a certain address versus the user modifying the url when in a Wt session. I don't think you can and since you cannot have multiple views on a single session, I am inclined to say that will not ever be possible. Therefore I believe that you need to treat this as a new session, but use your approach to identify the user across sessions. Regards, koen ------------------------------------------------------------------------------ Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev _______________________________________________ witty-interest mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/witty-interest
