[vmchecker-dev] web services specification revised
Szekeres Adriana
aaa_sz at yahoo.com
Thu Mar 11 21:18:02 EET 2010
Hi,
--- On Thu, 3/11/10, Claudiu-Dan Gheorghe <claudiugh at gmail.com> wrote:
> >I don't really understand why you need the extra web
> services.
> 1. logout
Ahhh. I think I've got it. I've only stored the username in a cookie, I didn't save a 'state' on the server. But I guess this is very unsecure :S (I did smth like this [0]). So basically I will have to store a sessionId in a cookie, and on the server to save the username associated with that sessionId. Right? Ok. I'll see how I will do this in mod_python.
ps. To hack this thing is equivalent to guessing a currently used session id, right? Which is undeniably much much secure. :D
> 2. checkAuthentication
I still don't get what you want to replace with this service. Why does the browser want to know if the client is authenticated? (When do you use this service?)
>
> --
> Claudiu
10x,
Adriana
[0]http://www.modpython.org/pipermail/mod_python/2005-February/017365.html
More information about the vmchecker-dev
mailing list