The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.
Tim Holloway wrote: Hmmm. This is new to me and I need to investigate it. Especially I need to investigate whether or not this particular mechanism is actually appropriate for webapps. Just because it's in a web article doesn't always mean it's purest gold - I read one the other day that was very useful but the author was completely unaware that in JSF your backing beans are NOT Controllers. So things can be wrong in minor or major details.
Tim Holloway wrote:
One thing you should pay attention to when attempting to make sense of this or any other article is that security consists of 2 distinct components: Authentication and Authorization.
...
Tim Holloway wrote: If your definition of "remember me" is what I think it is, that's usually done by setting a cookie with the user's ID in it. That's what the JavaRanch does. It doesn't require any complex new-fangled security subsystem, since cookies work everywhere that they aren't disabled by the client.
It's really about the only reliable way. You cannot remember the user's source IP address, since on a dynamically-addressed system, that can change at unpredictable times. And if NAT is in effect, an entire office full of users can end up coming from the same IP address. There's no other uniqueness identifier that can be transmitted automatically and freely over the Internet.
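An added example, not part of the original posts and not JavaRanch's code: a "remember me" cookie value that binds the user ID to an expiry time and an HMAC, so the server can reject a value the client has edited or one that has expired. The class name, token layout and key handling are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

// Hypothetical helper; assumed token layout: userId|expiryEpochSeconds|base64url(HMAC-SHA256).
public final class RememberMeToken {
    private final SecretKeySpec key;

    public RememberMeToken(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }
    private byte[] sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
    }
    // Value to place in the cookie when the user asks to be remembered.
    public String issue(String userId, long nowSeconds, long lifetimeSeconds) throws Exception {
        if (userId.indexOf('|') >= 0) throw new IllegalArgumentException("userId must not contain '|'");
        String payload = userId + "|" + (nowSeconds + lifetimeSeconds);
        return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(sign(payload));
    }
    // Returns the user ID only if the MAC matches and the token has not expired.
    public Optional<String> verify(String cookieValue, long nowSeconds) throws Exception {
        String[] parts = cookieValue.split("\\|", -1);
        if (parts.length != 3) return Optional.empty();
        byte[] presented; long expiry;
        try {
            presented = Base64.getUrlDecoder().decode(parts[2]);
            expiry = Long.parseLong(parts[1]);
        } catch (IllegalArgumentException e) { // also covers NumberFormatException
            return Optional.empty();
        }
        byte[] expected = sign(parts[0] + "|" + parts[1]);
        // MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(expected, presented)) return Optional.empty();
        return nowSeconds < expiry ? Optional.of(parts[0]) : Optional.empty();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample secret, user ID and timestamps.
        RememberMeToken t = new RememberMeToken("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String cookie = t.issue("alice", 1_000L, 3_600L);
        System.out.println(t.verify(cookie, 2_000L));                           // untouched token
        System.out.println(t.verify(cookie.replace("alice", "admin"), 2_000L)); // edited user ID
        System.out.println(t.verify(cookie, 9_999L));                           // past expiry
    }
}
```

Send the cookie with the Secure and HttpOnly attributes, and keep the signing secret on the server only.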