From: Dieter S. <dsi...@sq...> - 2006-09-08 00:51:41
I am going through admin.pl right now and should have it completed fairly soon. It will work a bit differently.

The session key is put together from the login name and the password. This is set up for the cookie; a digest is written to the user's config file for comparison. There is also a server-side and browser-side timeout. Multiuser access is granted if the sessions are within the timeout value. All the variables must match or you get a password prompt. Command-line access works just as before.

In theory there is no way to guess anything because the cookie is never known anywhere outside of the browser. It's not stored in readable format. The raw cookie is compared to a digested version and if the two don't match you get a password prompt.

In addition to the undigested version I'll add another switch so the cookie can be scrambled. This however will break multiple logins for the same user because the digest will never match different browser sessions.

If anyone has any other ideas, by all means let me know.

--
Dieter Simader http://www.sql-ledger.com (780) 472-8161
DWS Systems Inc. Accounting Software Fax: 478-5281
============ On a clear disk you can seek forever ==========

On Fri, 8 Sep 2006, David Tangye wrote:

> Dieter,
>
> Can you give any sort of rough guess as to when the fix might be done?
>
> Cheers
> David
>
> On Thu, 2006-09-07 at 17:40 -0600, Dieter Simader wrote:
>
> > This is simply a lie. I looked at this and started on a bug fix the minute
> > it came to my attention. I told you to submit a patch so we could expedite
> > this but only after numerous attempts telling you to submit a patch you
> > finally did, actually it wasn't you but you left it up to Travers to do
> > the work for you.
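An added sketch, not SQL-Ledger's code and not from the message above, of the digest comparison it describes: the server keeps only a digest of each cookie plus a last-seen time, with one record per browser session so that several logins for the same user can coexist. It assumes a random token rather than one built from login name and password; the in-memory store, the `TIMEOUT` value and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TIMEOUT = 3600  # assumed server-side idle timeout, in seconds

# Hypothetical in-memory stand-in for the per-user config file:
# login name -> {cookie digest: last-seen timestamp}
sessions = {}


def _digest(cookie):
    return hashlib.sha256(cookie.encode()).hexdigest()


def login(user, now=None):
    """Call after the password check succeeds; returns the raw cookie value."""
    now = time.time() if now is None else now
    cookie = secrets.token_urlsafe(32)  # random; the raw value is never stored
    sessions.setdefault(user, {})[_digest(cookie)] = now
    return cookie


def check(user, cookie, now=None):
    """True for a live session; False means show the password prompt."""
    now = time.time() if now is None else now
    presented = _digest(cookie)
    live = False
    for stored, seen in list(sessions.get(user, {}).items()):
        if now - seen > TIMEOUT:
            del sessions[user][stored]      # expired: drop the record
        elif hmac.compare_digest(stored, presented):
            sessions[user][stored] = now    # sliding timeout on activity
            live = True
    return live
```
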