perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Vanasco <modperl-l...@2xlp.com>
Subject Re: Session Handling/Set Session attributes
Date Wed, 17 Jan 2007 23:31:59 GMT

On Jan 17, 2007, at 5:50 PM, Tracy12 wrote:

>
> What about the security measures if we store authenticated user  
> information
> in a cookie,
>
> Cant we handle in the server session and and store it as a session  
> variable.
> This would be much secure?

you store a session id in a cookie

you store the user info on the lan, mapped to the id in the cookie

you can use checksum cookies and other stuff to mitigate cookie spoofing





// Jonathan Vanasco

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| FindMeOn.com - The cure for Multiple Web Personality Disorder
| Web Identity Management and 3D Social Networking
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -
| RoadSound.com - Tools For Bands, Stuff For Fans
| Collaborative Online Management And Syndication Tools
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
- - - - - - - - - - - - - - - -



Mime
View raw message