- Timestamp: Nov 8, 2009, 12:15:19 PM (15 years ago)
- Author: cmlenz
- Comment: --
v5
|
v6
|
|
1 | 1 | = Session State = |
2 | 2 | |
3 | | The `diva.session` module implements management of session state, based entirely on client-side storage via HTTP cookies. The cookie used to store the session data contains the session data encoded as JSON, and is authenticated using [http://tools.ietf.org/html/rfc2104.html HMAC-SHA1-128] based on a secret key known to the server. This means that the user cannot tamper with the cookie value to modify session state directly, bypassing the server-side application logic that is responsible for managing the session. |
| 3 | The `diva.session` module implements management of session state, based entirely on client-side storage via HTTP cookies. The cookie used to store the session data contains the serialized session data, and is authenticated using [http://tools.ietf.org/html/rfc2104.html HMAC-SHA1-128] based on a secret key known to the server. This means that the user cannot tamper with the cookie value to modify session state directly, bypassing the server-side application logic that is responsible for managing the session. |
4 | 4 | |
5 | 5 | == Background == |
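Review bot: In the v6 text of line 3, "the serialized session data" removes the only statement of the cookie's format without naming a replacement, so a reader can no longer tell what the server parses after checking the HMAC. Suggest naming the serialization that is actually used and adding a sentence that the HMAC is verified before the value is deserialized, since that ordering is what makes the "cannot tamper" claim hold for any format. The paragraph also only says the cookie is authenticated; it would help to state explicitly whether the value is also encrypted or remains readable by the user, so application authors know whether they can place anything sensitive in the session.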