[aerogear-dev] Create a comprehensive cookie management API / Provide a parameter to enable/disable the usage of cookies
Summers Pittman
supittma at redhat.com
Tue Aug 20 09:53:17 EDT 2013
On 08/20/2013 04:11 AM, Matthias Wessendorf wrote:
> hello,
>
> going over the iOS JIRAs, I found this:
> https://issues.jboss.org/browse/AGIOS-6
>
> and wasn't really sure on 'why' this is needed. A bit more search made
> me find this Android ticket:
> https://issues.jboss.org/browse/AGDROID-28
>
> which has a bit more information.
>
> However, I guess we should discuss if such a 'Cookie mgmt API' is
> really needed. For JS I couldn't find a similar ticket.
>
> Any thoughts?
Since it might be security season now, with summer Push being over, this
is a great time to discuss cookies.

Right now cookies are only "officially" used by the AeroGear
Authentication module. In theory that module can handle the cookie
header on its own and keep us from having to implement an
API/facade/proxy/EnterpriseBuzzwordPattern.

In practice some websites also set a cookie when you are using HTTP
Basic or HTTP Digest authentication. By the (RFC) spec the way you
handle logging out in this case is to stop sending the header; the logout
methods (on Android) only clear the local credentials. As a convenience
these methods do wipe the local cookie store to make sure any session
cookie is wiped out.

Beyond session/authorization state I haven't heard of web services using
cookies. (something something stateless). So I'm not sure if a cookie
discussion beyond this scope matters.
>
> -Matthias
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf