perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ask Bjørn Hansen <>
Subject Re: Ways to scale a mod_perl site
Date Fri, 18 Sep 2009 22:38:10 GMT

On Sep 16, 2009, at 9:13, Brad Van Sickle wrote:

>> I've never seen the need to do that. In fact, I would suggest you  
>> drop sessions altogether if you can. If you need any per-session  
>> information then put it in a cookie. If you need this information  
>> to be tamper-proof then you can create a hash of the cookie's data  
>> that you store as part of the cookie. If you can reduce the # of  
>> times that each request needs to actually hit the database you'll  
>> have big wins.
> Can I get you to explain this a little more?  I don't see how this  
> could be used for truly secure sites because I don't quite  
> understand how storing a hash in a plain text cookie would be secure.

If you are just concerned about the cookie being changed; add a time  
stamp and a hash to the cookie data.

There's an example on page 19 of 

If you are concerned about the cookie being readable at all, you can  
encrypt the whole thing.

Either way it's "tamper proof".

   - ask

-- -

View raw message