perl-modperl mailing list archives

From mer...@stonehenge.com (Randal L. Schwartz)
Subject Re: Updating cookies in header during request processing
Date Fri, 18 Sep 2009 16:57:50 GMT
>>>>> "Igor" == Igor Chudov <ichudov@gmail.com> writes:

Igor> In my case, in almost all instances, the only thing I would want to
Igor> store is authenticated userid.

The problem with that is public web browsers.  You *cannot* ensure the
expiration of an auth cookie, so you'll have to have some sort of server-side
data to say "this user most recently authenticated at this time, so I still
trust him".

And once you've done that, why store *any* auth client side?  Just brand the
browser, as my article says.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
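
An added example of the server-side approach this message describes (not code from the post or from the article it mentions): the cookie carries only a random brand, while the user id and the time of last authentication live in a server-side table that decides whether the login is still trusted. The `%brand` hash, the function names, the 15-minute `MAX_AUTH_AGE` and the use of `/dev/urandom` are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed example: the in-memory %brand table stands in for a real
# server-side store (database, memcached). MAX_AUTH_AGE is an assumed policy.
use constant MAX_AUTH_AGE => 15 * 60;    # seconds a login stays trusted

my %brand;    # brand id => { user => ..., auth_at => epoch seconds }

# Issue an opaque, unguessable brand; it carries no identity by itself.
sub new_brand {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $bytes;
    my $n = read($fh, $bytes, 16);
    close $fh;
    die "short read from urandom" unless defined $n && $n == 16;
    my $id = unpack 'H*', $bytes;        # 32 hex characters
    $brand{$id} = {};
    return $id;
}

# Record a successful login against the brand, on the server only.
sub mark_authenticated {
    my ($id, $user, $now) = @_;
    return 0 unless defined $id && exists $brand{$id};
    $brand{$id} = { user => $user, auth_at => $now };
    return 1;
}

# Return the user id if the brand is known and the login is fresh enough.
sub current_user {
    my ($id, $now) = @_;
    my $rec = defined $id ? $brand{$id} : undef;
    return unless $rec && defined $rec->{user};
    if ($now - $rec->{auth_at} > MAX_AUTH_AGE) {
        delete @{$rec}{qw(user auth_at)};    # expiry enforced here, not by the cookie
        return;
    }
    return $rec->{user};
}

my $t0 = time;
my $id = new_brand();                    # value sent to the browser as the cookie
mark_authenticated($id, 'igor', $t0);
printf "at +60s:   %s\n", current_user($id, $t0 + 60)   // '(not logged in)';
printf "at +3600s: %s\n", current_user($id, $t0 + 3600) // '(not logged in)';
printf "forged id: %s\n", current_user('0' x 32, $t0)   // '(not logged in)';
```

Because the trust decision is made from `auth_at` on the server, a browser that keeps the cookie past its intended lifetime gains nothing from it.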
