Feature #1399

Use Cookies for Authentication

Added by Pavan Rikhi 8 months ago. Updated 7 months ago.

Status:NewStart date:
Priority:HighDue date:
Assignee:Pavan Rikhi% Done:

0%

Category:SecuritySpent time:-
Target version:v1.0.0 - Deployment
Easy Pickings:

Description

Storing the api key in localstorage isn't too safe since other scripts can inspect the values. We should store it in cookies instead. We'll have to show the cookie warning for EU countries, but we'd have to anyways since google analytics is storing cookies for us already.

There is a servant-auth-cookie package we can use, along with a short guide on setting everything up:
https://github.com/zohl/servant-auth-cookie/wiki/Getting-started

https://www.stackbuilders.com/tutorials/haskell/servant-auth/


Related issues

Precedes SESE Website - Feature #1158: Use Session Storage for Temporary Logins New

History

#1 Updated by Pavan Rikhi 7 months ago

  • Blocks Feature #1158: Use Session Storage for Temporary Logins added

#2 Updated by Pavan Rikhi 7 months ago

  • Blocks deleted (Feature #1158: Use Session Storage for Temporary Logins)

#3 Updated by Pavan Rikhi 7 months ago

  • Precedes Feature #1158: Use Session Storage for Temporary Logins added

#4 Updated by Pavan Rikhi 7 months ago

  • Priority changed from Normal to High
  • Description updated (diff)

#5 Updated by Pavan Rikhi 7 months ago

  • Description updated (diff)

Also available in: Atom PDF