[thesite] UEUE v.0.2 Update

.jeff jeff at members.evolt.org
Wed Nov 7 22:32:10 CST 2001


mark,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Mark Nickel
>
> Yup, that's about right.... A hidden field in a form is
> set with the subsite's URL.  The UEUE server will then
> set cookies based on the subsite's domain...
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

my understanding of cookies is that you can't set a cookie for another
domain.  i.e., if i'm visiting cnn.com, they can't set a cookie for abc.com.

http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html#sec-4.3.2

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> After you register, you are redirected back to garrett's
> site, simulating a redirect to a *.e.o subsite.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

i didn't get the redirect when i registered.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> If you want to relogin, go
> http://members.evolt.org/mnickel/ueue/ueue_login.php
>
> This relogin simulates a login form on a subsite,
> garrett's,  with a redirect_site back to garrett's...
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

this one seemed to work.  i'm surprised by the number of cookies being used
for just basic info though.  as of now we're talking about 8 cookies.  if
we're setting a cookie for each piece of info then we could easily bump
against the 20 cookie limit
(http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2109.html#sec-6.3)

also, i'm concerned that things like my username and my email are in these
cookies in clear text.  this opens up severe privacy concerns with regard to
m.e.o. cookie usage that don't currently exist.

these concerns of mine may not be necessary though as i notice you're
setting a cookie with the hashed values as well.  if it's just the hashed
values that will be used in the final implementation then that's not so much
of a problem.

thanks,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/
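
The cross-domain restriction cited above (RFC 2109, section 4.3.2), as an added example that is not part of the original message or of the UEUE code. It applies the RFC's four rejection rules to a Set-Cookie as a user agent would; the function names are hypothetical, and the hosts are the ones named in the message plus one constructed subdomain.

```python
import ipaddress

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, domain):
    """RFC 2109 section 2: equal names, or host = N + domain with domain starting with a dot."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return (not is_ip(host) and domain.startswith(".")
            and host.endswith(domain) and len(host) > len(domain))

def reject_reason(request_host, request_path, domain=None, path=None):
    """Return the RFC 2109 4.3.2 rule that rejects the cookie, or None if it is accepted."""
    if path is not None and not request_path.startswith(path):
        return "Path is not a prefix of the request-URI"
    if domain is None:
        return None  # Domain defaults to the request-host, which always matches itself
    if not domain.startswith(".") or "." not in domain.strip("."):
        return "Domain has no embedded dot or does not start with a dot"
    if not domain_match(request_host, domain):
        return "request-host does not domain-match Domain"
    prefix = request_host[: len(request_host) - len(domain)]
    if not is_ip(request_host) and "." in prefix:
        return "request-host is H+D where H contains a dot"
    return None

if __name__ == "__main__":
    # Constructed cases: (request-host, request path, Domain attribute)
    cases = [
        ("cnn.com", "/", ".abc.com"),                    # the cnn.com / abc.com case
        ("members.evolt.org", "/mnickel/ueue/ueue_login.php", ".evolt.org"),
        ("members.evolt.org", "/", ".org"),              # too broad
        ("a.members.evolt.org", "/", ".evolt.org"),      # constructed subdomain
    ]
    for host, req_path, dom in cases:
        reason = reject_reason(host, req_path, domain=dom)
        print(f"{host} -> Domain={dom}: {reason or 'accepted'}")
```

Under these rules a response from members.evolt.org can set a cookie scoped to .evolt.org, but not one for a host outside that domain.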






