perl-modperl mailing list archives

From Michael Peters <mpet...@plusthree.com>
Subject Re: Updating cookies in header during request processing
Date Fri, 18 Sep 2009 15:51:19 GMT
On 09/18/2009 11:15 AM, James Smith wrote:

> But cookies are in general not big enough to store the information that
> a user would store on a website!

I'm not talking about eliminating a permanent data store for your users. 
I'm talking about replacing the session specific things. How much 
session specific data do you really need to store? If it's bigger than 
4K per-user then yes you can't use a single cookie. But like I said 
before, the situations that you really need more than that for *session 
specific* data are pretty rare.

> and security is not just on your server
> (but also on the client's machine) so if the browser can read it - anyone
> that can compromise the browser can also read it - if it is on the
> server that is harder!

It's almost as if people aren't reading my other emails :) If you need 
to prevent tampering, use a hash. If you need to completely secure the 
data, encrypt it.

-- 
Michael Peters
Plus Three, LP
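
The tamper check mentioned in the message above, as an added example that is not part of the original e-mail: the "hash" is a keyed hash (HMAC-SHA256) over the cookie payload and an expiry time, verified before the data is trusted. The helper names, the key and the sample data are constructed for illustration; `Digest::SHA` and `MIME::Base64` are core Perl modules. It covers tamper detection only, so the payload stays readable to the client.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64url decode_base64url);

# Constructed demo key; a real deployment loads a random secret kept on the server.
my $KEY     = 'constructed-demo-key-not-for-production';
my $MAX_LEN = 4096;    # the per-cookie size limit discussed in the thread

# Build "payload.expiry.mac"; the MAC covers both the payload and the expiry.
sub make_cookie {
    my ($data, $ttl) = @_;
    my $body  = encode_base64url($data) . '.' . (time() + $ttl);
    my $value = $body . '.' . hmac_sha256_hex($body, $KEY);
    die "session data does not fit in one cookie\n" if length($value) > $MAX_LEN;
    return $value;
}

# Compare two strings without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the original data, or undef if the cookie is malformed, altered or expired.
sub read_cookie {
    my ($value) = @_;
    return undef if !defined $value || length($value) > $MAX_LEN;
    my ($b64, $expiry, $mac) = $value =~ /\A([A-Za-z0-9_-]*)\.([0-9]+)\.([0-9a-f]{64})\z/
        or return undef;
    return undef unless secure_eq($mac, hmac_sha256_hex("$b64.$expiry", $KEY));
    return undef if $expiry < time();
    return decode_base64url($b64);
}

my $cookie = make_cookie('user=42;theme=dark', 3600);    # constructed sample data
print "valid:    ", read_cookie($cookie) // 'rejected', "\n";

# Swap the payload but keep the old MAC, as a client editing its cookie would.
(my $forged = $cookie) =~ s/\A[^.]*/encode_base64url('user=1;theme=dark')/e;
print "tampered: ", read_cookie($forged) // 'rejected', "\n";
```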
