perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mer...@stonehenge.com (Randal L. Schwartz)
Subject Re: Updating cookies in header during request processing
Date Fri, 18 Sep 2009 14:33:03 GMT
>>>>> "Igor" == Igor Chudov <ichudov@gmail.com> writes:

Igor> I was very excited by the suggestion to use cookies to store the entire
Igor> session information, and to keep it safe by means of base64 encoding and
Igor> MD5 hash with a secret salt, for storing session information securely on
Igor> the client.

Ahh, phase 2 of cookie awareness.  When you get to phase 3, you realize that
cookies should really just be used to distinguish one browser from another,
and hold everything server-side instead for far better security and
flexibility.  (Remember, server-side could be something as simple as
DBM::Deep, which is a single-file zero-install module that gives you
arbitrary persistent Perl data structures efficiently.)

See my (slightly aged but still valid) write-up of this at:

  http://www.stonehenge.com/merlyn/WebTechniques/col61.html

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion

Mime
View raw message