PerlMonks
Re: How to remember who is logged in...
by schweini (Friar) on Oct 14, 2002 at 00:57 UTC ( [id://204952]=note )
here's what i usually do: after authentication, i send the user a cookie with the sessionid, and log that in my DB. every time the user clicks somewhere, i look up that sessionid in my db, check whether that session "timed out". if the session's still alive, i set my "lastaction" column to time(). oh, yea - i also log the $ENV{'REMOTE_ADDRESS'}, just in case somebody steals the cookie (i know - IPs can be faked, but it ain't THAT easy). sometimes, i Storable::freeze and Storable::thaw some session-data into my DB, too (can come in quite handy).

i know this is kinda re-inventing the wheel, but it's a small wheel, and i personally like knowing everything about my session-management, so that i can do whatever i please with it anytime.

speaking of security: what's the most secure way to handle sessions? how do banks do it? is there another way?
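The scheme described in the post above, as an added example that is not part of schweini's post or any code from the thread. A hash stands in for the database table, and the 15-minute idle timeout, the session id read from /dev/urandom, the function names, and rejecting (rather than only logging) a request from a changed address are all assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: in-memory stand-in for the sessions table described above.
use strict;
use warnings;
use Storable qw(freeze thaw);

my $IDLE_TIMEOUT = 15 * 60;   # seconds; assumed value
my %sessions;                 # sessionid => row; stands in for the DB table

# 128-bit session id from the kernel CSPRNG, hex-encoded for the cookie.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    (read($fh, my $bytes, 16) // 0) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Called once after successful authentication.
sub create_session {
    my ($user, $ip, $data, $now) = @_;
    my $sid = new_session_id();
    $sessions{$sid} = { user => $user, ip => $ip, lastaction => $now,
                        data => freeze($data) };
    return $sid;
}

# Called on every request; returns (user, data) or an empty list.
sub check_session {
    my ($sid, $ip, $now) = @_;
    return unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    my $row = $sessions{$sid} or return;
    if ($now - $row->{lastaction} > $IDLE_TIMEOUT || $row->{ip} ne $ip) {
        delete $sessions{$sid};   # expired or presented from another address
        return;
    }
    $row->{lastaction} = $now;    # sliding idle timeout
    return ($row->{user}, thaw($row->{data}));
}

# Constructed sample requests (addresses from the documentation ranges).
my $t0  = time();
my $sid = create_session('alice', '192.0.2.10', { cart => [ 1, 2 ] }, $t0);
my @ok     = check_session($sid, '192.0.2.10',   $t0 + 60);
my @stolen = check_session($sid, '198.51.100.7', $t0 + 120);
my @after  = check_session($sid, '192.0.2.10',   $t0 + 180);
printf "same address: %s\n", @ok ? "accepted for $ok[0]" : 'rejected';
printf "other address: %s\n", @stolen ? 'accepted' : 'rejected, session deleted';
printf "original client afterwards: %s\n", @after ? 'accepted' : 'must log in again';
```

Only the random id travels in the cookie; the frozen blob stays server-side, which matters because Storable's documentation warns against calling thaw on data from an untrusted source.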