Thanks Ozgun,<br>but I&#39;m using Happstack: this will be compatible?<br><br><div class="gmail_quote">On Wed, Feb 27, 2013 at 10:30 PM, Ozgun Ataman <span dir="ltr">&lt;<a href="mailto:ozataman@gmail.com" target="_blank">ozataman@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I would encourage you to take a look at the snap (the web framework) package, where this concern is handled for you as part of the &quot;session&quot; snaplet.<div>
<br></div><div>The <a href="http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session.html" style="margin:0px;padding:0px;text-decoration:none;color:rgb(171,105,84);font-family:sans-serif;font-size:12.800000190734863px;line-height:14.399999618530273px" target="_blank">Snap.Snaplet.Session</a> module and the <a href="http://hackage.haskell.org/packages/archive/snap/0.11.2/doc/html/Snap-Snaplet-Session-Backends-CookieSession.html" style="font-size:12.800000190734863px;margin:0px;padding:0px;text-decoration:none;color:rgb(171,105,84);font-family:sans-serif;line-height:14.399999618530273px" target="_blank">Snap.Snaplet.Session.Backends.CookieSession</a> ensure that contents of the cookie-persistent sessions are encrypted and so you can place anything from user ids to other secret information there, although I would certainly keep it to a minimum for size concerns.</div>

<div><br></div><div>Here it is: <a href="http://hackage.haskell.org/package/snap" target="_blank">http://hackage.haskell.org/package/snap</a></div><div><br></div><div>Hope this helps,</div><div>Oz</div><div><div class="h5">
<div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <span dir="ltr">&lt;<a href="mailto:corentin.dupont@gmail.com" target="_blank">corentin.dupont@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

So I need to &quot;encrypt&quot; the user ID in some way? What I need is to associate the user ID to a random number and store the association is a table?<br><br><br><div class="gmail_quote">On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <span dir="ltr">&lt;<a href="mailto:hesselink@gmail.com" target="_blank">hesselink@gmail.com</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Note that cookies are not the solution here. Cookies are just as user<br>


controlled as the url, just less visible. What you need is a session<br>
id: a mapping from a non-consecutive, non-guessable, secret token to<br>
the user id (which is sequential and thus guessable, and often exposed<br>
in urls etc.). It doesn&#39;t matter if you then store it in the url or a<br>
cookie. Cookies are just more convenient.<br>
<span><font color="#888888"><br>
Erik<br>
</font></span><div><div><br>
On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont<br>
&lt;<a href="mailto:corentin.dupont@gmail.com" target="_blank">corentin.dupont@gmail.com</a>&gt; wrote:<br>
&gt; Yes, having a cookie to keep track of the session if something I plan to do.<br>
&gt;<br>
&gt; On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala &lt;<a href="mailto:mats.rauhala@gmail.com" target="_blank">mats.rauhala@gmail.com</a>&gt;<br>
&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; The user id is not necessarily the problem, but rather that you can<br>
&gt;&gt; impose as another user. For this, one solution is to keep track of a<br>
&gt;&gt; unique (changing) user token in the cookies and use that for verifying<br>
&gt;&gt; the user.<br>
&gt;&gt;<br>
&gt;&gt; --<br>
&gt;&gt; Mats Rauhala<br>
&gt;&gt; MasseR<br>
&gt;&gt;<br>
&gt;&gt; -----BEGIN PGP SIGNATURE-----<br>
&gt;&gt; Version: GnuPG v1.4.10 (GNU/Linux)<br>
&gt;&gt;<br>
&gt;&gt; iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql<br>
&gt;&gt; tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt<br>
&gt;&gt; =tf0d<br>
&gt;&gt; -----END PGP SIGNATURE-----<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; _______________________________________________<br>
&gt;&gt; Haskell-Cafe mailing list<br>
&gt;&gt; <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a><br>
&gt;&gt; <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
&gt;&gt;<br>
&gt;<br>
&gt;<br>
&gt; _______________________________________________<br>
&gt; Haskell-Cafe mailing list<br>
&gt; <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a><br>
&gt; <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
&gt;<br>
</div></div></blockquote></div><br>
<br>_______________________________________________<br>
Haskell-Cafe mailing list<br>
<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a><br>
<a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
<br></blockquote></div><br></div></div></div></div></div>
</blockquote></div><br>