Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

The sessions have problems in base64 #753

Closed
alejonext opened this Issue Feb 19, 2013 · 3 comments

Comments

Projects
None yet
2 participants

The problem is if you want to create unique Url to users according to which any session.O have to use the session ID, can involve a great challenge. And getting into trouble. A basic example

If we have the user sW97GwFqc42k/JT8ooY86eRl and if we realize the character / can be a great nuisance, building area of unique URLs for each session, as well as other methods, such as Ajax or WebSockets.

Although this default base64, you can not make full use of this method. Because there are different characters that could hinder, the client-server comnicacion.

And of course I can not leave without proposing something new! I say we change the use of these characters, much simpler characters like _ or -.

Member

tj commented Feb 19, 2013

where are you passing them in a url? that's typically bad practice anyway, also what exactly are the communication issues you're talking about?

There are characters, and preset and is not recommended to use them. Unique URLs, I'm referring to the use of sessionId at. For if build security. Ex http://localhost/sW97GwFqc42k/JT8ooY86eRl/editme is interpreted as three folders sW97GwFqc42k -> JT8ooY86eR -> editme underside of just two sW97GwFqc42k/JT8ooY86eR -> editme

Member

tj commented Feb 19, 2013

I wouldn't be storing the session id in any url, especially since they're usually associated with a user anyway. If you need anonymous stuff for now I would just shove a uuid in the session, but either way I'm happy with changing / and +. I'll whip up a patch

@tj tj closed this in 44e89f8 Feb 19, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment