Closed sheganinans closed 10 years ago
Also I am not satisfied with how show is being handled. Say you are using encrypted cookies, but then there is an error that shows the stacktrace on the client side. All of the cookies would be shown unencrypted.
Hi aistis:
Ahhh. I see.... !!!!!
No problem Aistis. only the user with administrator privileges can see the trace in the browser.
The trace appears in the log of the server, but it only appears when the user is the administrator. Thaits is how ASP.NET does it too.
Anyway.. It is true that the cookies appear in the trace?. I suspect that only the line numbers and the source file name of the of code are shown
2014-02-03 Aistis Raulinaitis notifications@github.com:
Also I am not satisfied with how show is being handled. Say you are using encrypted cookies, but then there is an error that shows the stacktrace on the client side. All of the cookies would be shown unencrypted.
Reply to this email directly or view it on GitHubhttps://github.com/agocorona/MFlow/pull/15#issuecomment-33919657 .
Alberto.
I'm debating how to handle encryptCookie, since right now its type is CookieT -> IO Cookie. I'll might change it to Cookie -> IO Cookie, depending on what we think is right.
I'm thinking about how it should be handled, should the cookie's fields be re-encrypted if it is encrypted already? Do we want the type system tracking how many times a cookie has been encrypted? How much of this should be exposed to the developer?