perl-modperl mailing list archives

From Drew Taylor <d...@drewtaylor.com>
Subject Re: [OT-ish] Session refresh philosophy
Date Tue, 19 Feb 2002 23:09:36 GMT
At 05:55 PM 2/19/2002 -0500, Perrin Harkins wrote:
>Incidentally, this is mostly the same thing as what Jeffrey Baker mentioned
>a few days ago about storing state entirely inside a cookie with a message
>digest.  The only difference is that by sticking it in a form element you're
>attaching it to a specific page.

True. I was very intrigued by his approach, and might use something like 
that to increase the security of my app by verifying the hidden form field 
contents. I suppose I could follow his approach, but the amount of data I 
need to store could possibly overwhelm the 4KB cookie limit. In this case, 
simple was better - simple application, simple session. And I know I can 
count on every browser implementing forms. :-)

Drew


Drew Taylor                     JA[P|m_p|SQL]H
http://www.drewtaylor.com/      Just Another Perl|mod_perl|SQL Hacker
mailto:drew@drewtaylor.com      *** God bless America! ***
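
The approach discussed in this message, state carried in a hidden form field and verified with a message digest, sketched as an added example that is not code from the original post or its author. It assumes a keyed digest (HMAC-SHA256) and binds the field to a page name; the secret, page names and state values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA  qw(hmac_sha256_hex);
use MIME::Base64 qw(encode_base64url decode_base64url);
use JSON::PP;

# Assumption: a server-side secret that is never sent to the browser.
my $SECRET = 'constructed-demo-key-replace-me';
my $JSON   = JSON::PP->new->utf8->canonical;

# Serialize the state and MAC it together with the page name, so a field
# copied from one form is rejected when submitted to another.
sub seal_state {
    my ($page, %state) = @_;
    my $payload = encode_base64url($JSON->encode(\%state));
    my $mac     = hmac_sha256_hex("$page|$payload", $SECRET);
    return "$payload.$mac";    # goes into <input type="hidden" value="...">
}

# Return the state hashref only if the MAC verifies for this page.
sub open_state {
    my ($page, $field) = @_;
    my ($payload, $mac) =
        ($field // '') =~ /\A([A-Za-z0-9_-]+)\.([0-9a-f]{64})\z/
        or return;
    my $expect = hmac_sha256_hex("$page|$payload", $SECRET);

    # Compare every character so timing does not reveal the first mismatch.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expect, $_, 1))
        for 0 .. 63;
    return if $diff;

    return $JSON->decode(decode_base64url($payload));
}

# Constructed sample state for a hypothetical "checkout" form.
my $field = seal_state('checkout', cart_id => 'c-1001', step => 2);
(my $tampered = $field) =~ s/\A./A/;    # client edits the payload

printf "field length: %d bytes\n", length $field;
for my $case (['checkout', $field], ['profile', $field], ['checkout', $tampered]) {
    my $state = open_state(@$case);
    printf "%-9s %s\n", $case->[0], $state ? "accepted step=$state->{step}" : "rejected";
}
```

The digest only detects modification: the state is still readable by the client, and an unmodified field can be resubmitted to the same page unless the state itself carries an expiry or nonce.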




