From: Tracy12
To: modperl@perl.apache.org
Subject: Re: Session Handling/Set Session attributes
Date: Wed, 17 Jan 2007 16:11:17 -0800 (PST)
Message-ID: <8422602.post@talk.nabble.com>
In-Reply-To: <2A16D447-EF48-4028-B41A-1B0128FBDA92@2xlp.com>

Well, does this all mean there are limited features to do session handling on mod_perl?

Well, I am new to mod_perl, but in JAVA/Servlet you can do a simple thing like this:

    request.getSession().setAttribute("my_remote_user",);

For subsequent requests we can retrieve this attribute and do what we want.

I expected a similar session handling feature to be available in mod_perl, as this is a common requirement.

"store the user info on the lan, mapped to the id in the cookie" is something which we need to think about. Isn't there an easy way to store information on the user session?

The other doubt that we have is: because the user was successful in his first authentication, isn't there a way to retrieve the remote_user variable in the subsequent requests? (I may be wrong as well, all new to this.)

Thanks

Jonathan Vanasco-5 wrote:
>
> On Jan 17, 2007, at 5:50 PM, Tracy12 wrote:
>
>> What about the security measures if we store authenticated user
>> information in a cookie,
>>
>> Can't we handle in the server session and store it as a session
>> variable.
>> This would be much more secure?
>
> you store a session id in a cookie
>
> you store the user info on the lan, mapped to the id in the cookie
>
> you can use checksum cookies and other stuff to mitigate cookie spoofing
>
> // Jonathan Vanasco
>
> | FindMeOn.com - The cure for Multiple Web Personality Disorder
> | Web Identity Management and 3D Social Networking
> | RoadSound.com - Tools For Bands, Stuff For Fans
> | Collaborative Online Management And Syndication Tools

--
View this message in context: http://www.nabble.com/Session-Handling-Set-Session-attributes-tf3030824.html#a8422602
Sent from the mod_perl - General mailing list archive at Nabble.com.
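
The scheme outlined in the quoted reply (a session id in the cookie, the user info kept server-side and keyed by that id, a checksum on the cookie to mitigate spoofing), as an added example that is not code from this thread or from mod_perl itself. The in-memory hash, the key value and the sub names are assumptions for illustration; under prefork mod_perl the store has to be shared between child processes (a database or cache daemon).

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions (hypothetical, not from the thread): an in-memory hash stands in
# for the shared server-side store, and the key is a constructed sample value.
my $SECRET = 'constructed-sample-key-load-from-protected-config';
my %SESSIONS;    # session id => { user => ..., expires => epoch seconds }

# Session id: 16 bytes from the OS CSPRNG, hex-encoded (32 characters).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    return unpack 'H*', $buf;
}

# After successful authentication: keep the user name server-side and return
# the cookie value "id.checksum". Only the opaque id reaches the browser.
sub create_session {
    my ($user, $ttl) = @_;
    my $id = new_session_id();
    $SESSIONS{$id} = { user => $user, expires => time + $ttl };
    return $id . '.' . hmac_sha256_hex($id, $SECRET);
}

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length $x != length $y;
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# On each later request: check format and checksum first, then look the id up.
# Returns the stored user name, or nothing if the cookie is malformed, forged,
# unknown or expired.
sub user_for_cookie {
    my ($cookie) = @_;
    my ($id, $mac) = ($cookie // '') =~ /\A([0-9a-f]{32})\.([0-9a-f]{64})\z/ or return;
    return unless ct_eq($mac, hmac_sha256_hex($id, $SECRET));
    my $s = $SESSIONS{$id} or return;
    if ($s->{expires} <= time) { delete $SESSIONS{$id}; return; }
    return $s->{user};
}

my $cookie = create_session('tracy', 1800);        # constructed sample user
my $forged = ('0' x 32) . substr($cookie, 32);     # swapped id, old checksum
printf "valid  -> %s\n", user_for_cookie($cookie) // 'rejected';
printf "forged -> %s\n", user_for_cookie($forged) // 'rejected';
```

In a handler, the name returned by user_for_cookie is what each later request would use in place of re-running the authentication step.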