httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukas Ruf <>
Subject Re: [users@httpd] Identifying a session
Date Sat, 28 Dec 2002 16:37:18 GMT

> Chris Taylor <> [2002-12-28 17:30]:
> In the past, I normally use a Database with all my user details, and
> store a hash of the password (ie, something non reversible) and the
> user id in the cookie. That effectively means you can auth them on
> every page (check that the server-generated hash matches the cookie's
> one) without any trouble, and is sufficiently quick to execute.
> It also gives you a lot more options that using REMOTE_USER only.
> However, I generally design semi-secure sites (basic forums, add-on
> login functions etc). Of course, you can SSL on top of all this to
> add a bit of *real* security.

yupp!  I will follow this hint to optimize my approach once I got it


Lukas Ruf
Wanna know anything about raw ip? 
Join on

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message