Added a checkbox on login or register to remember the current user. If
the login is successful, this sets a cookie with a random code (saved
in the DB). If they come back, and they aren't logged in "normally",
we check to see if they have a rememberme cookie. If so, we log them
in.
However, they can't change settings -- cookie theft is too prevalent.
So we mark a session as having a "real" (password or OpenID) login, or
not. In settings pages, we check to see if the login is "real", and if
not, we redirect to the login page.
darcs-hash:20080624025234-34904-ad20001bf35bf41fcb63a0c357fd929aacc55fdb.gz
Weirdly, I got in an argument with Tim Berners-Lee in #swig about the
tag URIs I was using in FOAF documents. Eventually, I was convinced
that it's a better thing to use HTTP URLs instead. So, now we have
HTTP URLs.
The tricky thing was for users. Since they can change their names, we
can't use their profile URL, since it includes the name. Instead, I
made up a new action, which simply redirects from a user ID to their
current profile URL. This should be sufficiently long-term.
darcs-hash:20080620071700-84dde-c6145243dc45dd2dff621aff421375d05796057e.gz
Added some code to make finishing the OpenID login work.
Changed the OID storage so that there's a "canonical" URL and a
display URL. This is because of i-names, which is annoying.
If the login succeeds, we try to find a local user associated with the
canonical URL. If they don't exist, we let the user either create a
new account, or login to an existing account and connect to it.
A totally unrelated change is that the DB engine now uses InnoDB.
darcs-hash:20080618052638-84dde-909e51dbd5b9eadadf18cd010868baa18ea2349a.gz