[thesite] My Intro and a look at a UEUE Proposal
Martin
martin at members.evolt.org
Tue Oct 16 17:53:25 CDT 2001
.jeff wrote on 16/10/01 11:23 pm
>><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>> From: Warden, Matt
>>
>> i think we have a better chance of them objecting if
>> the period (if i understand you right, you're talking
>> about the cookie and/or key) was short. that would
>> pretty much ruin the "remember me" feature.
>><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
>
>the cookie expiration can be fairly far off. however, the expiration for
>the key should be somewhat short (like 1-2 weeks). that doesn't mean it
>needs to fail though. we can store the last key used. if the user's cookie
>doesn't respond to the current key, but it responds to the last key issued
>*and* its last modified date is within the period of activity for the last
>key then we could reissue the cookie with the newly encrypted data using the
>current key.
OK, what happens if I log in from 2 different machines?
atm, it's fine because each machine has its own cookie and neither does
much persistent authentication to the user record beyond pw. But if we're
checking a cookie against user activity records, it will scupper this.
Cheers
Martin
_______________________________________________
email: martin at easyweb.co.uk PGP ID: 0xA835CCCB
martin at members.evolt.org snailmail: 30 Shandon Place
tel: +44 (0)774 063 9985 Edinburgh,
url: http://www.easyweb.co.uk Scotland
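
The key rotation described in the quoted message, as an added example that is not part of the original thread or of the site's code. Assumptions: HMAC signing stands in for the encryption mentioned, the last-modified timestamp is carried inside the cookie itself, and the names KeyRing, issue and check are hypothetical.

```python
import hashlib
import hmac

KEY_LIFETIME = 14 * 86400  # key period suggested in the thread: 1-2 weeks

class KeyRing:
    """Current key plus the last key and its period of activity."""
    def __init__(self, key, now):
        self.current, self.current_start = key, now
        self.last = self.last_start = self.last_end = None

    def rotate(self, new_key, now):
        # The outgoing key becomes the "last key"; anything older is dropped.
        self.last, self.last_start, self.last_end = self.current, self.current_start, now
        self.current, self.current_start = new_key, now

def _mac(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest().encode()

def issue(ring, user, now):
    """Build a cookie value 'user|last_modified|tag' under the current key."""
    payload = f"{user}|{int(now)}"
    return f"{payload}|{_mac(ring.current, payload).decode()}"

def check(ring, cookie, now):
    """Return (user, cookie_to_set), or (None, None) if the cookie is rejected."""
    try:
        user, stamp, tag = cookie.rsplit("|", 2)
        modified = int(stamp)
    except ValueError:
        return None, None  # malformed cookie
    payload = f"{user}|{stamp}"
    if hmac.compare_digest(tag.encode(), _mac(ring.current, payload)):
        return user, cookie  # responds to the current key: keep as is
    if (ring.last is not None
            and hmac.compare_digest(tag.encode(), _mac(ring.last, payload))
            and ring.last_start <= modified < ring.last_end):
        # Responds to the last key and was modified while that key was
        # active: reissue the cookie under the current key.
        return user, issue(ring, user, now)
    return None, None
```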