[Openid-specs-ab] Session Management - 4.1. OP iframe sample

Mike Jones Michael.Jones at microsoft.com
Sat Jan 26 17:51:31 UTC 2013


Breno and Naveen, do you agree with the code below?

-- Mike

________________________________
From: Ryo Ito
Sent: 1/26/2013 7:43 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Session Management - 4.1. OP iframe sample

The OP iframe sample still includes unnecessary descriptions such as
the salt or the SHA256 hash.
Developers may be confused.

My suggestion for the OP iframe sample:
===
window.addEventListener("message", receiveMessage, false);

  function receiveMessage(e){ // e.data has client_id and session_state

    var stat;
    // Validate message origin
    var client_id = e.data.split(' ')[0];
    if(!validate_client_origin(client_id, e.origin)){
      return;
    }

    // Compare the session state sent by the RP with the one held by the browser
    var session_state = e.data.split(' ')[1];
    var browser_session_state = get_browser_session_state(client_id, e.origin);
    if (session_state == browser_session_state) {
      stat = 'unchanged';
    } else {
      stat = 'changed';
    }

    // Reply only to the validated origin
    e.source.postMessage(stat, e.origin);

    function validate_client_origin(client_id, origin)
    {
      // origin validation
      return true; // or false
    }

    function get_browser_session_state(client_id, origin)
    {
      // return "session state from cookie or HTML storage"
    }
  }
===

Ryo.

--
====================
Ryo Ito
Email : ritou.06 at gmail.com
====================
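
One way to fill in the `validate_client_origin` stub from the sample above, as an added example that is not part of the original message or of the specification. It assumes the OP holds each client's registered redirect URIs (the `REGISTERED_CLIENTS` table is constructed sample data) and accepts a message only when the sender's origin exactly equals the origin of one of them; `check_session` and the `op_session_state` storage key are hypothetical names.

```javascript
// Constructed sample registry: client_id -> redirect URIs registered at the OP.
// (Hypothetical data; a real OP would read this from its client database.)
const REGISTERED_CLIENTS = {
  "client-abc": ["https://rp.example.com/cb", "https://rp.example.com:8443/cb2"],
  "client-xyz": ["https://other.example.org/callback"],
};

// Compare the sender's origin with the origins of the client's registered
// redirect URIs. Exact match on the serialized origin only: no prefix,
// suffix or substring matching.
function validate_client_origin(client_id, origin) {
  if (!Object.prototype.hasOwnProperty.call(REGISTERED_CLIENTS, client_id)) {
    return false; // unknown client_id (also rejects inherited keys)
  }
  return REGISTERED_CLIENTS[client_id].some(function (uri) {
    try {
      return new URL(uri).origin === origin;
    } catch (err) {
      return false; // a malformed registration entry never matches
    }
  });
}

// Pure decision function for the message handler: returns the status to
// post back, or null when the message must be ignored without a reply.
function check_session(data, origin, browser_session_state) {
  if (typeof data !== "string") return null;
  const parts = data.split(" ");
  if (parts.length !== 2 || parts[0] === "" || parts[1] === "") return null;
  const client_id = parts[0];
  const session_state = parts[1];
  if (!validate_client_origin(client_id, origin)) return null;
  return session_state === browser_session_state ? "unchanged" : "changed";
}

// Browser wiring (skipped outside a browser, e.g. under Node).
if (typeof window !== "undefined") {
  // Assumption: the OP stores its session state under this HTML storage key.
  const get_browser_session_state = function () {
    return window.localStorage.getItem("op_session_state");
  };
  window.addEventListener("message", function (e) {
    const stat = check_session(e.data, e.origin, get_browser_session_state());
    if (stat !== null) e.source.postMessage(stat, e.origin);
  }, false);
}
```

Keeping the decision logic in `check_session` separate from the event wiring lets the origin and format checks be unit-tested without a browser.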