perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Radoslaw Zielinski <ra...@pld-linux.org>
Subject Re: Authentication
Date Thu, 03 Aug 2006 16:31:59 GMT
Vladimir S. Tikhonjuk <vst@vst.donetsk.ua> [03-08-2006 13:51]:
>     The second method: simple handler, for example
> http://localhost/login, which checks login and password, If everything
> is O.K. make session, send cookie with session id. And another handler
> which checks every reqest for Cookie with session id and desided whether
> to give access or not.

>     Disadvantage (as I think) of first method: before every request make
> SQL query to the database for varification login and password.

You have to do a query to check if the session is valid anyway.

Valid: exists, hasn't expired, client's IP matches (ID might have been
stolen somehow), etc.

With persistent database connections and prepared statements it doesn't
hurt that much in terms of performance.  Just make sure you're not
checking what you don't have to (images, *.css, etc).

-- 
Radosław Zieliński <radek@pld-linux.org>

Mime
View raw message