Menu
▾
▴
Re: [Fofredux-devel] project access
|
From: Evan R. <eva...@gm...> - 2006-04-20 05:18:56
|
yeah, for some reason i simply couldn't connect. i pumped up the subclipse version to 1.0.1 (was on 0.9.x) and it was able to work perfectly fine. although, it was very slow to do anything...but that could be related to other sf problems that andrew mentioned. so that's 1 vote cookies and 1 vote sessions.i really don't think cookies become a security issue for us, since you dont need to write much in there...login name and timestamp. if that's a security issue, then we are pretty strict. but either way is fine...i don't care. we can easily allow the session timeout to be defined in our options...so the user can easily change it himself. /evan On 4/20/06, Kevin <ke...@dr...> wrote: > > Evan Roth wrote: > > Hey, > > > > i'm trying to configure eclipse to connect to svn and at least get set > > up to start working on some of this stuff. i figure the first thing > > i'll tackle, unless someone has better idea or objections, would be > > the login functionality. it's something that can be squeezed into any > > release, since it's easier for the user than an htpasswd based variant. > > > What trouble are you having with eclipse+subversion? I just added the > repository and did a checkout. > The repository URL is: https://svn.sourceforge.net/svnroot/fofredux/ > > Currently, the path to checkout is */trunk/fofredux*. Once I do the > conversion this weekend it will be moved to */fofredux/trunk*. > > > what's your guys opinion on cookie vs session logins? i'd personally > > go for cookie, since a session could be problematic if someone reads > > his feeds longer than X minutes of the session timeout, then clicks > > mark as read. (ok, we could set session at like 2 hrs and avoid > > that...) but i'll go whatever direction the majority likes... > > > I prefer sessions. If timing out becomes an issue, we can use some > really large default like 1 day. When the browser closes, the session > cookie should expire. I think that's how it works. I hear they are > more secure, also, because all data stays server side, just the > session-id is sent to the client. > > -Kevin > |
