agocorona / MFlow

(Haskell) Web application server with stateful, type safe user interactions and widget combinators
http://mflowdemo.herokuapp.com
Other
100 stars 12 forks source link

Proper types for different cookies #15

Closed sheganinans closed 10 years ago

sheganinans commented 10 years ago

I'm debating how to handle encryptCookie, since right now its type is CookieT -> IO Cookie. I'll might change it to Cookie -> IO Cookie, depending on what we think is right.

I'm thinking about how it should be handled, should the cookie's fields be re-encrypted if it is encrypted already? Do we want the type system tracking how many times a cookie has been encrypted? How much of this should be exposed to the developer?

sheganinans commented 10 years ago

Also I am not satisfied with how show is being handled. Say you are using encrypted cookies, but then there is an error that shows the stacktrace on the client side. All of the cookies would be shown unencrypted.

agocorona commented 10 years ago

Hi aistis:

Ahhh. I see.... !!!!!

No problem Aistis. only the user with administrator privileges can see the trace in the browser.

The trace appears in the log of the server, but it only appears when the user is the administrator. Thaits is how ASP.NET does it too.

Anyway.. It is true that the cookies appear in the trace?. I suspect that only the line numbers and the source file name of the of code are shown

2014-02-03 Aistis Raulinaitis notifications@github.com:

Also I am not satisfied with how show is being handled. Say you are using encrypted cookies, but then there is an error that shows the stacktrace on the client side. All of the cookies would be shown unencrypted.

Reply to this email directly or view it on GitHubhttps://github.com/agocorona/MFlow/pull/15#issuecomment-33919657 .

Alberto.