Hello, I want to store a username and a password in a cookie on the users system. This for an auto login feature. How can I encript & decript a password / variable in Zope / Python ? Thanks for the help. Martin Koekenberg
On Tuesday 14 September 2004 07:46, Martin Koekenberg wrote:
I want to store a username and a password in a cookie on the users system. This for an auto login feature.
Don't. The standard way is to generate a random "session ID" and store that in a database or Zope object, and give the user that string in a cookie. Whenever the user sends ID cookie, you look in your database for the existence or state of that session. Don't just store the username and password on the machine without explicitly notifying the user that you're doing so. -- Kirk Strauser The Day Companies
--On Dienstag, 14. September 2004 14:46 Uhr +0200 Martin Koekenberg <zope@digital-adventures.nl> wrote:
Hello,
I want to store a username and a password in a cookie on the users system. This for an auto login feature.
How can I encript & decript a password / variable in Zope / Python ?
You really don't want to send user+password encrypted or unencrypted as cookie. This is a very bad practise! Instead you might send some token e.g. like the __ac token used by Zope. -aj
On Tue, 2004-09-14 at 11:30, Andreas Jung wrote:
You really don't want to send user+password encrypted or unencrypted as cookie. This is a very bad practise! Instead you might send some token e.g. like the __ac token used by Zope.
The __ac token used by Cookie Crumbler is just the base64 encoded username and password, AFAIK. - C
participants (4)
-
Andreas Jung -
Chris McDonough -
Kirk Strauser -
Martin Koekenberg