perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jj...@imation.com
Subject Re: [Newbie Q] Cleanest way to implement one logon per user?
Date Thu, 01 Aug 2002 19:21:35 GMT
This isn't strictly a mod_perl thing but this is probably the safest way 
to make  this happen. This happens to be how I've created a secure (by my 
definition. correct me if I get something wrong) web application.

Pipe everything through an SSL tunnel
The initial logon is username + password. A session id # is incremented 
and stored on the web client in a cookie. A md5 hash of that session id 
and a stored secret on the server is also passed to the web client and 
stored in a cookie. From here on out the web client must present an 
accurate session id # + md5 hash. While the session # is predictable it is 
guaranteed to be unique. The hash prevents users from modifying the 
session# since an attacker would not be able to create the correct hash 
for other session #s.

So from there a user session table only holds one stored session # / hash 
per username. This would allow one authenticated user to have many open 
windows but would not allow multiple sessions per user. You can extend 
this concept to force a user to use only a single browser window though 
that is pretty draconian.

Josh




Baljit Sethi <baljit@bcaresearch.com>
08/01/2002 02:08 PM

 
        To:     "'modperl@apache.org'" <modperl@apache.org>
        cc: 
        Subject:        [Newbie Q] Cleanest way to implement one logon per user?


Hello. 
I am hoping someone can point me in the right direction. 
What I want to do is limit client logons to one logon per username ie 
while a client has a session open, he/she cannot logon to the website from 
another terminal.
Platform: Apache 1.3.x with mod_perl & DBI 
I have looked high and low, gone through Apache book after book with no 
measurable success (mod_usertrack & mod_session are the only modules 
briefly mentioned).
If someone could just point me in the right direction, I will gladly do 
all the required research. 
TIA, 
Ballay :) 



Mime
View raw message