perl-modperl mailing list archives

From Igor Chudov <>
Subject Re: Updating cookies in header during request processing
Date Fri, 18 Sep 2009 16:33:34 GMT
Hi Randal, nice to see you. Your suggestion is where I am coming FROM: right
now the cookie is only a key into the mysql table which holds session data.

What I want is to stop using that table altogether and let the browser hold
the information, in a manner that is straightforward, flexible and secure.


On Fri, Sep 18, 2009 at 9:33 AM, Randal L. Schwartz

> >>>>> "Igor" == Igor Chudov <> writes:
> Igor> I was very excited by the suggestion to use cookies to store the entire
> Igor> session information, and to keep it safe by means of base64 encoding and
> Igor> MD5 hash with a secret salt, for storing session information securely on
> Igor> the client.
> Ahh, phase 2 of cookie awareness.  When you get to phase 3, you realize that
> cookies should really just be used to distinguish one browser from another,
> and hold everything server-side instead for far better security and
> flexibility.  (Remember, server-side could be something as simple as
> DBM::Deep, which is a single-file zero-install module that gives you
> arbitrary persistent Perl data structures efficiently.)
> See my (slightly aged but still valid) write-up of this at:
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
> See for Smalltalk and Seaside discussion
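
The client-held session discussed in this thread, sketched as an added example (not code from either poster). It swaps HMAC-SHA256 in for the MD5-with-secret-salt mentioned above and adds an expiry; the secret, field names and helper names are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64url decode_base64url);
use JSON::PP;

# Constructed secret for the demo; a real one is long, random and never leaves the server.
my $SECRET = 'constructed-demo-secret-not-for-production';
my $JSON   = JSON::PP->new->utf8->canonical;

# Serialize the session with an expiry and append an HMAC tag over the encoded payload.
sub seal_session {
    my ($session, $ttl) = @_;
    my %data    = (%$session, exp => time() + $ttl);
    my $payload = encode_base64url($JSON->encode(\%data));
    return $payload . '.' . hmac_sha256_hex($payload, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub const_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the session hashref, or undef if the cookie is malformed, altered or expired.
sub open_session {
    my ($cookie) = @_;
    my ($payload, $tag) = ($cookie // '') =~ /\A([A-Za-z0-9_-]+)\.([0-9a-f]{64})\z/
        or return undef;
    return undef unless const_eq($tag, hmac_sha256_hex($payload, $SECRET));
    my $session = eval { $JSON->decode(decode_base64url($payload)) };
    return undef unless ref($session) eq 'HASH' && ($session->{exp} // 0) > time();
    return $session;
}

my $cookie = seal_session({ user => 'igor', role => 'member' }, 3600);
print "valid:    ", (open_session($cookie) ? "accepted" : "rejected"), "\n";

# Constructed tampering: new payload claiming role=admin, reusing the old tag.
my (undef, $old_tag) = split /\./, $cookie;
my $forged = encode_base64url($JSON->encode({ user => 'igor', role => 'admin', exp => time() + 3600 }));
print "tampered: ", (open_session("$forged.$old_tag") ? "accepted" : "rejected"), "\n";
```

The tag only detects modification: the payload is base64-encoded, not encrypted, so the browser's user can read every field stored in it.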
