Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

The sessions have problems in base64 #753

Closed
alejonext opened this Issue · 3 comments

2 participants

@alejonext

The problem is if you want to create unique Url to users according to which any session.O have to use the session ID, can involve a great challenge. And getting into trouble. A basic example

If we have the user sW97GwFqc42k/JT8ooY86eRl and if we realize the character / can be a great nuisance, building area of unique URLs for each session, as well as other methods, such as Ajax or WebSockets.

Although this default base64, you can not make full use of this method. Because there are different characters that could hinder, the client-server comnicacion.

And of course I can not leave without proposing something new! I say we change the use of these characters, much simpler characters like _ or -.

@tj
Owner
tj commented

where are you passing them in a url? that's typically bad practice anyway, also what exactly are the communication issues you're talking about?

@alejonext

There are characters, and preset and is not recommended to use them. Unique URLs, I'm referring to the use of sessionId at. For if build security. Ex http://localhost/sW97GwFqc42k/JT8ooY86eRl/editme is interpreted as three folders sW97GwFqc42k -> JT8ooY86eR -> editme underside of just two sW97GwFqc42k/JT8ooY86eR -> editme

@tj
Owner
tj commented

I wouldn't be storing the session id in any url, especially since they're usually associated with a user anyway. If you need anonymous stuff for now I would just shove a uuid in the session, but either way I'm happy with changing / and +. I'll whip up a patch

@tj tj closed this in 44e89f8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.