* Michael Peters <[EMAIL PROTECTED]> [2008-03-10T09:15:26]
> Ricardo SIGNES wrote:
> > It's a Catalyst plugin that stores your whole session in the cookie. It's
> > stored as a base64-encoded, Rijndael-enciphered, JSON-encoded string.
>
> Krang does this as well and I've used it on lots of other projects too. But,
> I think that's a little overkill. I just use a URL encoded JSON cookie. I
> don't put anything sensitive in there. I usually use this in conjunction with
> a normal session cookie. So the sensitive stuff goes into the server side
> session and the non-sensitive stuff in the client side session.

Right... the encryption ceases to be overkill when you eliminate the
server-side cookie and don't want someone to be able to change his username!

> The nice thing about putting things into the cookie in an easy to read JSON
> format is that my client side AJAX/Javascript code can use it too. For
> instance, Krang has a user preference to determine how long you want the
> messages that slide-in to remain visible. With this stored in this JSON
> cookie we can access that from the Javascript, since that's what creates the
> slide-in messages in the first place.

Yeah, that's an interesting point. I should extend my session definition to
have private and public data!

> The reason I use 2 session cookies (one just the key to the server side
> session and the other a JSON cookie) is mainly because of (c). Cookie size is
> limited and I can't guarantee that some people's sessions won't get really
> big.

Yeah. Again, in this specific application, I know all the data that might go
into the session, and they are all small.

--
rjbs
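
The private/public split discussed in this thread, as an added sketch that is not code from the thread, Catalyst, Krang or CGI::Application. It assumes Node.js with its built-in crypto module and uses AES-256-GCM as an authenticated Rijndael mode (the plugin's actual cipher mode is not stated above); the function names, the 4096-byte limit and the sample field names are hypothetical.

```javascript
// Added example: cookie-only session with a private and a public half.
const crypto = require('crypto');

const MAX_COOKIE_BYTES = 4096; // assumed per-cookie size limit

// Private half: JSON -> AES-256-GCM -> base64. encKey is 32 random bytes.
// The GCM tag makes any change to the cookie detectable, not just unreadable.
function sealPrivate(encKey, data) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie issued
  const c = crypto.createCipheriv('aes-256-gcm', encKey, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(data), 'utf8'), c.final()]);
  const value = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  if (value.length > MAX_COOKIE_BYTES) throw new Error('session too large for a cookie');
  return value;
}

// Returns the session object, or null if the cookie is malformed or was altered.
function openPrivate(encKey, value) {
  try {
    const raw = Buffer.from(value, 'base64');
    const d = crypto.createDecipheriv('aes-256-gcm', encKey, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Public half: URL-encoded JSON that browser JavaScript can read directly,
// followed by an HMAC (separate key) so the server can reject edited values.
function sealPublic(macKey, data) {
  const body = encodeURIComponent(JSON.stringify(data));
  const mac = crypto.createHmac('sha256', macKey).update(body).digest('hex');
  return body + '.' + mac;
}

// Returns the public data, or null if the MAC does not match the body.
function openPublic(macKey, value) {
  const i = value.lastIndexOf('.');
  if (i < 0) return null;
  const body = value.slice(0, i);
  const want = crypto.createHmac('sha256', macKey).update(body).digest();
  const got = Buffer.from(value.slice(i + 1), 'hex');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  return JSON.parse(decodeURIComponent(body));
}
```

Browser code reads the public cookie by taking everything before the last `.` and running `JSON.parse(decodeURIComponent(...))` on it; only the server holds the keys, so only the server can issue or validate either half.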