CookieStore on Yaws
I implemented a session cookie store, just like the one in Ruby on Rails 2.0.
Available with the same caveats :
Session data is encoded in base64 and sent in the cookie with a SHA MAC of this data.
This means that the user can see what’s inside, but will not be able to tamper with it.
Moreover session data should stay in small amount as the encoded and signed data may not exceed 4096 bytes.
This being said, that should give us Yaws clustering for free 🙂
And no more sessions to expire, just set the cookie expiration date.
One small thing, make sure crypto is started.
session1.yaws has been rewritten to make use of this code.