Ricardo SIGNES wrote: > Right... the encryption ceases to be overkill when you eliminate the > server-side cookie and don't want someone to be able to change his username! You could get both benefits (JS usable structure and tamper proof data) by adding a hash key to the JSON structure. Then double check the server side data with the hash key to make sure it wasn't tampered with. > Yeah, that's an interesting point. I should extend my session definition to > have private and public data! If you could wrap that all up into a plugin, or add it to C::A::P::Session that would be pretty useful. -- Michael Peters Plus Three, LP ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.