[thesite] My Intro and a look at a UEUE Proposal
.jeff
jeff at members.evolt.org
Tue Oct 16 17:22:12 CDT 2001
matt,
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Warden, Matt
>
> i think we have a better chance of them objecting if
> the period (if i understand you right, you're talking
> about the cookie and/or key) was short. that would
> pretty much ruin the "remember me" feature.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
the cookie expiration can be fairly far off. however, the expiration for
the key should be somewhat short (like 1-2 weeks). that doesn't mean it
needs to fail though. we can store the last key used. if the user's cookie
doesn't respond to the current key, but it responds to the last key issued
*and* it's last modified date is within the period of activity for the last
key then we could reissue the cookie with the newly encrypted data using the
current key.
make sense?
.jeff
http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/
More information about the thesite
mailing list