Opened 8 years ago

Closed 7 years ago

#3717 closed enhancement (wontfix)

Decide on appropriate mechanism to save current search filters

Reported by: cypherpunks Owned by:
Priority: Medium Milestone:
Component: TorStatus Version:
Severity: Keywords:
Cc: jfehr@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Currently, TorStatus requires cookies to be enabled, which are used only to store hashed sessionIDs that map to encrypted search preferences that are stored on the TorStatus server. Many users have cookies disabled, however. We should provide functionality to these users.

Some Django programmers have written middleware that passes the sessionID as a GET to the controller if the client has cookies disabled. This doesn't seem to be any more secure than simply enabling cookies for the TorStatus website, however.

It'd be nice to hear what everyone thinks about the mechanism that is currently being used to store search preferences. What would be better way to implement this functionality?

Child Tickets

Change History (3)

comment:1 Changed 8 years ago by Sebastian

Passing search parameters via get queries would definitely be the preferred way for me. If this is just stored in a cookie, I can't paste links so that others can see the same thing that I see. I'm not sure what security aspect there is in this regard here, can you elaborate on that?

comment:2 in reply to:  1 Changed 8 years ago by jfehr

Cc: jfehr@… added

Replying to Sebastian:

Passing search parameters via get queries would definitely be the preferred way for me. If this is just stored in a cookie, I can't paste links so that others can see the same thing that I see. I'm not sure what security aspect there is in this regard here, can you elaborate on that?

Sure: I'm not sure there is a security aspect at work here, either. The point that I meant to make was that if a client has cookies disabled, passing the sessionID through a get doesn't seem like it would be too different than passing it through a cookie.

We could certainly pass queries through GETs, though doing this right might require a significant reorganization of the website. As TorStatus is written now, if a user wants to query the list of Tor relays, and then decides that she wants to change the order of the columns, those GET queries would be lost upon loading of the Column Preferences page. Similarly, if the user defined Column Preferences via GET queries and then wanted to add search filters, the GET queries related to the Column Preferences would be lost. We could pass the GETs to every page that the user visits to remedy this problem, though that might result in some pretty nasty URLs.

comment:3 Changed 7 years ago by karsten

Resolution: wontfix
Status: newclosed

We stopped maintaining TorStatus long ago in favor of Onionoo/Atlas. This problem is TorStatus-specific, so we won't work on it. Closing.

Note: See TracTickets for help on using tickets.