perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Peters <mpet...@plusthree.com>
Subject Re: Updating cookies in header during request processing
Date Fri, 18 Sep 2009 17:03:14 GMT
On 09/18/2009 12:57 PM, Randal L. Schwartz wrote:

> The problem with that is public web browsers.  You *cannot* ensure the
> expiration of an auth cookie, so you'll have to have some sort of server-side
> data to say "this user most recently authenticated at this time, so I still
> trust him".

Why does this have to be server side? Why can't it be part of the 
cookie's (tamper proof) data itself?

-- 
Michael Peters
Plus Three, LP

Mime
View raw message