[vmchecker-dev] web services specification revised
Szekeres Adriana
aaa_sz at yahoo.com
Thu Mar 11 23:52:54 EET 2010
--- On Thu, 3/11/10, Claudiu-Dan Gheorghe <claudiugh at gmail.com> wrote:
> From: Claudiu-Dan Gheorghe <claudiugh at gmail.com>
> Subject: Re: [vmchecker-dev] web services specification revised
> To: "VMchecker Development List" <vmchecker-dev at lists.rosedu.org>
> Date: Thursday, March 11, 2010, 9:50 PM
> > Ahhh. I think I've got it. I've
> only stored the username in a cookie, I didn't save a
> 'state' on the server. But I guess this is very unsecure :S
> (I did smth like this [0]). So basically I will have to
> store a sessionId in a cookie, and on the server to save the
> username associated with that sessionId. Right? Ok. I'll see
> how I will do this in mod_python.
>
> You don't need to handle session id manually. The session
> object from
> mod_python does this for you, as far as I know. You can
> check the code
> from here hwchecker[1], a project began by me and Stefan
> Bucur in
> which we wanted to implement the GUI for vmchecker as a
> separate
> project.
Yes. Crystal clear.
> This is useful in the first step of loading the
> application. We must
> decide what should we display: the application content (if
> it was
> previously authenticated) or the login screen (if it is
> not
> authenticated).
Ok. But why don't you just check the cookie? Worst case scenario: the cookie is set, but corrupt, you try to display the content page but receive a 404 from my services, then you'll redirect to login page. (I guess this might also happen when you request smth just as the cookie expires - you'll receive a 404 and you'll have to redirect).
ps. I see that cs.curs always displays the login page, saying that I'm not logged in :D. (only if I request another page - being logged in-, like http://cs09.curs.pub.ro/my/ I can do a logout). Great.
> [1] http://code.google.com/
>
> --
> Claudiu
10x,
Adriana
More information about the vmchecker-dev
mailing list