perl-modperl mailing list archives

From (Randal L. Schwartz)
Subject Re: Updating cookies in header during request processing
Date Fri, 18 Sep 2009 16:57:50 GMT
>>>>> "Igor" == Igor Chudov <> writes:

Igor> In my case, in almost all instances, the only thing I would want to
Igor> store is authenticated userid.

The problem with that is public web browsers.  You *cannot* ensure the
expiration of an auth cookie, so you'll have to have some sort of server-side
data to say "this user most recently authenticated at this time, so I still
trust him".

And once you've done that, why store *any* auth client side?  Just brand the
browser, as my article says.

Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See for Smalltalk and Seaside discussion
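
An added example, not part of the original message or of the article it mentions, of the server-side check described above: the cookie carries only an opaque brand, and the "most recently authenticated at" time lives on the server. The function names, the in-memory `%brand_store` and the 15-minute trust window are assumptions made for illustration.

```perl
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;

# Hypothetical in-memory store; a real mod_perl deployment would need a
# database or shared cache visible to every Apache child.
my %brand_store;            # brand id => { user => ..., auth_at => epoch }
my $AUTH_TTL = 15 * 60;     # assumed policy: trust a login for 15 minutes

# Opaque, unguessable browser brand. It encodes no user data at all.
sub new_brand {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# After the password check succeeds, record the login on the server.
sub record_login {
    my ($brand, $user, $now) = @_;
    $brand_store{$brand} = { user => $user, auth_at => $now };
    return;
}

# On every request: the userid, or undef if the server no longer
# trusts this browser.
sub current_user {
    my ($brand, $now) = @_;
    return unless defined $brand && $brand =~ /\A[0-9a-f]{32}\z/;
    my $rec = $brand_store{$brand} or return;
    if ($now - $rec->{auth_at} > $AUTH_TTL) {
        delete $brand_store{$brand};   # expiry enforced here, not by the browser
        return;
    }
    return $rec->{user};
}

# Logout is a server-side delete; the cookie left in the browser is inert.
sub logout { my ($brand) = @_; delete $brand_store{$brand}; return }

# Constructed walk-through with fixed clock values.
my $brand = new_brand();
my $t0    = 1_253_292_000;
record_login($brand, 'igor', $t0);
printf "t+60s:   %s\n", current_user($brand, $t0 + 60)   // '(not trusted)';
printf "t+3600s: %s\n", current_user($brand, $t0 + 3600) // '(not trusted)';
printf "forged:  %s\n", current_user('igor', $t0 + 60)   // '(not trusted)';
```

A cookie left behind on a public browser stops working once the server-side record ages out or is deleted, regardless of the expiry the browser was asked to honour.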
