[Openid-specs-ab] Session Management - 4.1. OP iframe sample
Ryo Ito
ritou.06 at gmail.com
Sat Jan 26 15:43:07 UTC 2013
The OP iframe sample still includes unnecessary descriptions such as
the salt or the SHA256 hash.
Developers may be confused.
My suggestion for the OP iframe sample:
===
window.addEventListener("message", receiveMessage, false);

function receiveMessage(e) { // e.data has client_id and session_state
  var stat;
  var parts = e.data.split(' ');
  var client_id = parts[0];
  var session_state = parts[1];

  // Validate message origin
  if (!validate_client_origin(client_id, e.origin)) {
    return;
  }

  var browser_session_state = get_browser_session_state(client_id, e.origin);
  if (session_state == browser_session_state) {
    stat = 'unchanged';
  } else {
    stat = 'changed';
  }
  e.source.postMessage(stat, e.origin);
}

function validate_client_origin(client_id, origin) {
  // origin validation
  return true; // or false
}

function get_browser_session_state(client_id, origin) {
  // return "session state from cookie or HTML storage"
}
===
Ryo.
--
====================
Ryo Ito
Email : ritou.06 at gmail.com
====================
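
One way to fill in the `validate_client_origin` stub from the sample above, as an added example that is not part of the original post or the specification. It assumes the OP keeps each client's registered redirect URIs and accepts a message only when `e.origin` exactly equals the origin of one of them; the `REGISTERED_REDIRECT_URIS` table is constructed sample data, and `allowedOrigins` and `sessionStatus` are hypothetical helper names.

```javascript
// Constructed sample registrations: client_id -> registered redirect URIs.
const REGISTERED_REDIRECT_URIS = new Map([
  ["client-123", ["https://rp.example.com/cb", "https://rp.example.com:8443/cb2"]],
  ["client-456", ["https://app.example.org/oidc/callback"]],
]);

// Origins a client may post from, derived from its registered redirect URIs
// (assumption: the OP treats these as the client's legitimate origins).
function allowedOrigins(clientId) {
  const uris = REGISTERED_REDIRECT_URIS.get(clientId) || [];
  const origins = new Set();
  for (const uri of uris) {
    try {
      origins.add(new URL(uri).origin); // scheme + host + non-default port
    } catch (_) {
      // Skip unparsable registrations rather than matching loosely.
    }
  }
  return origins;
}

function validate_client_origin(clientId, origin) {
  // Exact string match only: no prefix, suffix or substring comparison.
  // The opaque origin "null" (sandboxed frame, file:) never matches.
  if (typeof origin !== "string" || origin === "null") return false;
  return allowedOrigins(clientId).has(origin);
}

// Decide what receiveMessage should post back to e.source.
// Returns null when the message must be ignored (malformed or wrong origin).
function sessionStatus(event, browserSessionState) {
  if (typeof event.data !== "string") return null;
  const parts = event.data.split(" ");
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  const [clientId, sessionState] = parts;
  if (!validate_client_origin(clientId, event.origin)) return null;
  return sessionState === browserSessionState ? "unchanged" : "changed";
}
```

Inside `receiveMessage`, the result of `sessionStatus(e, get_browser_session_state(...))` is posted with `e.source.postMessage(stat, e.origin)` only when it is not `null`.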