So would say that's what SHA or MD5 are made for but yes, that's not a good idea :)
Anyway, when reading the initial message again, it seems a session is needed. But you can't initialize a ident/pass protected session without reload the http header. So for security and clean code reasons, i would recommend to reload the whole page when logging, and then use full ajax for the rest of the app. In this case, you can use cookies (both ident and pass crypted of course + compare last IP/user-agent) to auto-log the user on the logging page. Remi Grumeau (+33) 663 687 206 http://www.remi-grumeau.com Le 20 févr. 2010 à 14:54, Jorge Chamorro a écrit : > On 20/02/2010, at 13:39, Remi Grumeau wrote: > >> Didn't dig this that much yet but what about cookies ? > > You don't want the usr and pwd to go with every http request... > -- > Jorge. > > -- > You received this message because you are subscribed to the Google Groups > "iPhoneWebDev" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/iphonewebdev?hl=en. > -- You received this message because you are subscribed to the Google Groups "iPhoneWebDev" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/iphonewebdev?hl=en.
