On Monday, May 4, 2015 at 1:53:30 PM UTC-4, Josh Kamau wrote:
>
> Thanks Sean. That makes sense. I didn't want that map to be stored as one
> cookie because it could potentially be big... (there is a 4kb limit per
> cookie right?). I will dig into it and check. If that works for me, then
> all I need is compojure, ring and the awesome ring-defaults middleware. No
> need for a monolithic framework.
Seems you can solve cookie size issues with a database table with two columns, a UUID (PK) and a BLOB with the "real cookie data", and setting a client side cookie with the UUID. This may also have security advantages, if the user can also be an adversary and shouldn't be able to hand-modify some things in the "real cookie data". (E.g. multiplayer online game, don't store any data clientside that the client can (decrypt and) alter unilaterally where such a capability would enable some sort of cheating. Keep the data, or at least the decryption key, on the server.) Note that some databases perform more poorly with UUID PKs than with autoincrement PKs; however, autoincrement PKs have a severe security problem in this context, in that a user can predict valid keys other than their own and doctor their cookie to potentially view another user's data. There have been a number of notorious breaches that resulted from using predictably sequential numbers in cookies, URL query parameters, and similar things without any further authentication than "client knew the number".
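The approach described in the reply above, sketched as a Ring session store and wired into ring-defaults. This is an added example, not code from the thread: the atom stands in for the two-column database table, and the names `session-table`, `TableStore`, `handler` and `app` are hypothetical.

```clojure
(ns example.session-store
  (:require [ring.middleware.session.store :refer [SessionStore]]
            [ring.middleware.defaults :refer [wrap-defaults site-defaults]])
  (:import (java.util UUID)))

;; Stand-in for the table: UUID string (PK) -> session map (the BLOB).
;; Assumption: a real deployment replaces this atom with database reads/writes.
(defonce session-table (atom {}))

(defn- issued?
  "True only for a key the server itself created and still holds."
  [k]
  (contains? @session-table k))

(deftype TableStore []
  SessionStore
  (read-session [_ k]
    ;; An unknown, guessed or missing key yields an empty session,
    ;; never another user's row.
    (if (issued? k) (get @session-table k) {}))
  (write-session [_ k data]
    ;; Do not adopt a key the client made up: mint a fresh random UUID.
    ;; UUID/randomUUID uses a cryptographically strong generator, so
    ;; neighbouring keys cannot be predicted the way autoincrement ids can.
    (let [k (if (issued? k) k (str (UUID/randomUUID)))]
      (swap! session-table assoc k data)
      k))
  (delete-session [_ k]
    (swap! session-table dissoc k)
    nil))

(defn handler
  "Keeps a per-session counter; only the UUID travels in the cookie."
  [request]
  (let [n (inc (get-in request [:session :visits] 0))]
    {:status  200
     :headers {"Content-Type" "text/plain"}
     :body    (str "visits: " n)
     :session (assoc (:session request) :visits n)}))

(def app
  (wrap-defaults handler
                 (assoc-in site-defaults [:session :store] (TableStore.))))
```

The session map can grow past the per-cookie size limit without affecting the client, because the cookie value is always a single UUID string.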