I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the "session" snaplet.
The Snap.Snaplet.Session <http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session.html> module and the Snap.Snaplet.Session.Backends.CookieSession <http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session-Backends-CookieSession.html> ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.

Here it is: http://hackage.haskell.org/package/snap

Hope this helps,
Oz

On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <corentin.dup...@gmail.com> wrote:

> So I need to "encrypt" the user ID in some way? What I need is to
> associate the user ID to a random number and store the association in a
> table?
>
>
> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hessel...@gmail.com> wrote:
>
>> Note that cookies are not the solution here. Cookies are just as user
>> controlled as the url, just less visible. What you need is a session
>> id: a mapping from a non-consecutive, non-guessable, secret token to
>> the user id (which is sequential and thus guessable, and often exposed
>> in urls etc.). It doesn't matter if you then store it in the url or a
>> cookie. Cookies are just more convenient.
>>
>> Erik
>>
>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>> <corentin.dup...@gmail.com> wrote:
>> > Yes, having a cookie to keep track of the session is something I plan
>> to do.
>> >
>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauh...@gmail.com>
>> > wrote:
>> >>
>> >> The user id is not necessarily the problem, but rather that you can
>> >> impose as another user. For this, one solution is to keep track of a
>> >> unique (changing) user token in the cookies and use that for verifying
>> >> the user.
>> >>
>> >> --
>> >> Mats Rauhala
>> >> MasseR
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
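
The session-id mapping described in the quoted replies (a secret, non-guessable token that the server maps to the user id), as an added example that is not part of the original thread and is not Snap's own code. The names `SessionTable`, `newToken`, `login`, `whoAmI` and `logout`, the in-memory `Map`, and reading `/dev/urandom` (a Unix-like host) are assumptions made for illustration.

```haskell
module Main where

import qualified Data.ByteString as BS
import qualified Data.Map.Strict as Map
import Data.IORef (IORef, newIORef, readIORef, atomicModifyIORef')
import System.IO (withBinaryFile, IOMode (ReadMode))
import Text.Printf (printf)

type UserId = Int      -- sequential and guessable, never trusted from the client
type Token  = String   -- random and secret, the only thing the client holds

-- Hypothetical in-memory session table: token -> user id.
type SessionTable = IORef (Map.Map Token UserId)

-- 32 bytes (256 bits) from the OS random source, hex-encoded.
-- Assumption: /dev/urandom is available on the host.
newToken :: IO Token
newToken = do
  bytes <- withBinaryFile "/dev/urandom" ReadMode (\h -> BS.hGet h 32)
  return (concatMap (printf "%02x") (BS.unpack bytes))

-- After the credentials have been checked, issue a fresh token for the user.
-- Issuing a new token on every login is what makes the token "changing".
login :: SessionTable -> UserId -> IO Token
login tbl uid = do
  tok <- newToken
  atomicModifyIORef' tbl (\m -> (Map.insert tok uid m, ()))
  return tok

-- Resolve the token the client sent (cookie or URL) to a user id.
-- The user id itself is never read from the request.
whoAmI :: SessionTable -> Token -> IO (Maybe UserId)
whoAmI tbl tok = Map.lookup tok <$> readIORef tbl

-- Drop the mapping so the token stops working.
logout :: SessionTable -> Token -> IO ()
logout tbl tok = atomicModifyIORef' tbl (\m -> (Map.delete tok m, ()))

main :: IO ()
main = do
  tbl <- newIORef Map.empty
  tok <- login tbl 42          -- constructed user id
  whoAmI tbl tok  >>= print    -- the issued token resolves to its user
  whoAmI tbl "42" >>= print    -- a guessed user id is not a valid token
  logout tbl tok
  whoAmI tbl tok  >>= print    -- the token is dead after logout
```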