alexandrialibrary / Alexandria

Alexandria is a simple little card catalogue webapp with a terribly pretentious name.
MIT License

Basic specification for Sessions control #18

Open hawkw opened 9 years ago

hawkw commented 9 years ago

This will need, at a minimum: POST to create a session, DELETE to destroy a session. We'll probably send passwords in cleartext and hash them on the server for security reasons.
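
The session lifecycle outlined in the comment above (POST creates a session, DELETE destroys it, the password is hashed on the server), as an added example that is not part of this thread or of Alexandria's code. It is a framework-independent Python sketch: the `SessionStore` class, its method names, the PBKDF2 parameters and the sample credentials are assumptions, and the password is assumed to reach the server over TLS.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # constructed PBKDF2 cost for this sketch; tune for real hardware


class SessionStore:
    """In-memory stand-in for the handlers behind POST and DELETE on a sessions resource."""

    def __init__(self):
        self._users = {}     # username -> (salt, derived key); the password is never stored
        self._sessions = {}  # session token -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def register(self, username, password):
        salt = secrets.token_bytes(16)  # per-user random salt
        self._users[username] = (salt, self._hash(password, salt))

    def create(self, username, password):
        """POST: verify the submitted password; return a new token, or None on failure."""
        # Unknown users still cost one hash, so response time does not reveal valid names.
        salt, stored = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        candidate = self._hash(password, salt)
        ok = hmac.compare_digest(candidate, stored) and username in self._users
        if not ok:
            return None
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = username
        return token

    def lookup(self, token):
        """Return the username a token belongs to, or None if no such session."""
        return self._sessions.get(token)

    def destroy(self, token):
        """DELETE: drop the session; True if one existed, False otherwise."""
        return self._sessions.pop(token, None) is not None
```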

hawkw commented 9 years ago

We may want to consider some sort of scheme for hashing user names as well so that a man in the middle can't easily associate a cleartext password with a username.

hawkw commented 9 years ago

Scalatra has a nice built-in framework, called Scentry, for handling authentication. I should probably look into Scentry before we start writing this spec.