FYI, I believe the reason why cookie ids are strings (double quotes)
and not atoms (single quote or no quote) is a "security feature".
For example, if cookie ids were in yaws as atoms then whenever a
request came in from a browser, the cookie name in the client request
would be converted into an atom. Atoms in erlang are stored in a
global table and there is a limit to the number of atoms an erlang VM can
So you can imagine an attack against a yaws server where clients keep
sending requests with a different cookie name each time. If yaws
takes this cookie name and converts it to an atom for internal use,
eventually the atom table will get filled and the erlang VM would crash.
I think yaws used to handle cookie names as atoms until someone
pointed out this possible attack and it was changed to strings.
Anyway, that's my understanding of the issue. If I'm wrong, I hope
someone will correct me ;-)
On Jun 28, 2006, at 12:06 PM, Roberto Saccon wrote:
> That was it ! Thanks very much !!!!
> On 6/28/06, Yariv Sadan <yarivvv@...> wrote:
>> Do you have single quotes around 'SID'? If so, try double quotes.
>> On 6/27/06, Roberto Saccon <rsaccon@...> wrote:
>>> access the JSON session data outside of a JSON method.
>>> Within a JSON method I write some data into the session, and can
>>> retrieve that data (that's basically the official JSON example)
>>> now I want to add some Access Control List (ACL) for fine granulated
>>> content access, but I can't retrieve the cookie session data
>>> outside of
>>> a JSON method.
>>> Here my session data access function "check_role":
>>> get_cookie_val(CookieName, Arg) ->
>>>     H = Arg#arg.headers,
>>>     yaws_api:find_cookie_val(CookieName, H#headers.cookie).
>>>
>>> check_role(Arg, Role) ->
>>>     case get_cookie_val('SID', Arg) of
>>>         %% find_cookie_val/2 returns [] when the cookie is not found
>>>         [] ->
>>>             io:format("no session data");
>>>         Cookie ->
>>>             Val = yaws_api:cookieval_to_opaque(Cookie),
>>>             io:format("Cookie Val = ~p~n", [Val])
>>>             %% todo: check role
>>>     end.
>>> I call it from an erl block like this:
>>> out(Arg) ->
>>>     skast_auth:check_role(Arg, 'user').
>>> And I get outputted "no session data" (but I have stored some key at
>>> the session and from within a JSON method, I see that the data IS
>>> Anybody a clue what I am doing wrong ?
>>> Roberto Saccon
>>> Erlyaws-list mailing list
> Roberto Saccon
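
Added example, not part of the original thread and not yaws code: the atom-table concern from the top message, shown as a string-keyed cookie lookup and an allowlisted list_to_existing_atom/1 conversion, with the atom count measured around each. The module name, function names and sample header are hypothetical.

```erlang
%% Added example; module and function names are hypothetical, not yaws API.
-module(cookie_atoms).
-export([lookup/2, known_name/1, demo/0]).

%% Look up a cookie by its string name in a "k=v; k2=v2" header value.
%% Nothing taken from the request is ever converted to an atom.
lookup(Name, CookieHeader) when is_list(Name), is_list(CookieHeader) ->
    Pairs = [string:split(string:trim(P), "=")
             || P <- string:split(CookieHeader, ";", all)],
    case [V || [K, V] <- Pairs, K =:= Name] of
        [Val | _] -> {ok, Val};
        []        -> not_found
    end.

%% If an atom really is needed, accept only names the code already knows.
%% list_to_existing_atom/1 raises badarg instead of creating a new atom.
known_name(Name) when is_list(Name) ->
    try list_to_existing_atom(Name) of
        A when A =:= 'SID'; A =:= theme -> {ok, A};
        _ -> unknown
    catch
        error:badarg -> unknown
    end.

%% Measure atom-table growth for the safe paths and for list_to_atom/1.
demo() ->
    Header = "SID=abc123; theme=dark",   % constructed sample header
    Names = ["unseen_cookie_" ++ integer_to_list(N)
             || N <- lists:seq(1, 100)], % constructed cookie names
    %% Warm-up calls so that module loading does not skew the counts.
    _ = lookup("SID", Header),
    _ = known_name("SID"),
    C0 = erlang:system_info(atom_count),
    lists:foreach(fun(N) ->
                          not_found = lookup(N, Header),
                          unknown = known_name(N)
                  end, Names),
    C1 = erlang:system_info(atom_count),
    %% The pattern the message warns about: one new atom per distinct name.
    lists:foreach(fun(N) -> list_to_atom(N) end, Names),
    C2 = erlang:system_info(atom_count),
    #{atom_limit    => erlang:system_info(atom_limit),
      safe_growth   => C1 - C0,
      unsafe_growth => C2 - C1,
      sid           => lookup("SID", Header),
      known         => known_name("SID")}.
```

Compile the module and call cookie_atoms:demo() in an Erlang shell (OTP 20 or later for atom_count and atom_limit); compare safe_growth and unsafe_growth in the returned map.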