You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@roller.apache.org by John Moylan <jo...@nuatech.net> on 2008/02/07 16:06:07 UTC
Cookie encryption
Hi,
I am trying to read roller cookies for SSO from another app, but I
can't find any reference to the cookie encryption that Roller uses for
it's "Rememberme" cookies? I understand that there is a salt in the
roller properties file, but what else is used to generate the hash?
Thanks,
John
Re: Cookie encryption
Posted by John Moylan <jo...@nuatech.net>.
username + ":" + expiryTime + ":" + Md5Hex(username + ":" + expiryTime +
":" + password + ":" + key)
Thanks
On Thu, 2008-02-07 at 09:40 -0700, Matt Raible wrote:
> Acegi's TokenBasedRememberMeServices contains the logic used to set
> the RememberMe cookie.
>
> See its loginSuccess method for more information:
>
> http://www.acegisecurity.org/acegi-security/xref/org/acegisecurity/ui/
> rememberme/TokenBasedRememberMeServices.html
>
> Matt
>
> On Feb 7, 2008, at 8:06 AM, John Moylan wrote:
>
> > Hi,
> >
> > I am trying to read roller cookies for SSO from another app, but I
> > can't find any reference to the cookie encryption that Roller uses for
> > it's "Rememberme" cookies? I understand that there is a salt in the
> > roller properties file, but what else is used to generate the hash?
> >
> >
> > Thanks,
> > John
>
Re: Cookie encryption
Posted by Matt Raible <ma...@raibledesigns.com>.
Acegi's TokenBasedRememberMeServices contains the logic used to set
the RememberMe cookie.
See its loginSuccess method for more information:
http://www.acegisecurity.org/acegi-security/xref/org/acegisecurity/ui/
rememberme/TokenBasedRememberMeServices.html
Matt
On Feb 7, 2008, at 8:06 AM, John Moylan wrote:
> Hi,
>
> I am trying to read roller cookies for SSO from another app, but I
> can't find any reference to the cookie encryption that Roller uses for
> it's "Rememberme" cookies? I understand that there is a salt in the
> roller properties file, but what else is used to generate the hash?
>
>
> Thanks,
> John