Hi Igor!
thanks! I will try it out. (I also think token is url safe)
BTW: I meant, there is also 'token_secure', not only 'token' in
twitter's oAuth (+ the app credentials).
So a hacker cannot easily guess the 'token' for the user and get a fake
login via modifying its cookie.
like it would be the case if I would store the user name in the cookie only.
(But this method is not safe if you as a user are connected via an
unsecured WLAN)
Regards,
Peter.
not sure, but i would think it would be ok. i think the token should
already be url safe, but once again - not sure.
-igor
On Sat, Dec 4, 2010 at 12:38 PM, Peter Karich<peat...@yahoo.de> wrote:
Igor,
there is token_secure. So storing it in clean text should be ok, right?
Or do I need to encrypt (or at leat base64ing) it?
Regards,
Peter.
store the token in a cookie and attempt to auto-reologin user based on it?
-igor
On Sat, Dec 4, 2010 at 11:51 AM, Peter Karich<peat...@yahoo.de> wrote:
Hi,
do you know of any examples for wicket which uses twitter's oAuth?
In my app I can easily login and use the twitter api,
but I'm kind of stuck how to avoid that the user needs to login every
time
after the session expires.
Any other hints, links or best practices?
Kind regards,
Peter.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
