Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

•Re^5: Is this a secure way to prevent cookie tampering

by merlyn (Sage)
on Jun 29, 2004 at 16:35 UTC ( [id://370539]=note: print w/replies, xml ) Need Help??


in reply to Re^4: Is this a secure way to prevent cookie tampering
in thread Is this a secure way to prevent cookie tampering

Having the id as an integer allows for easy referencing from other tables. There is also the cosmetic appeal of seeing how many sessions you have gone through...
Then just send your strong secret over the wire, and use a database table to map your strong secret to a simple session ID. That'll help you reject bad secrets faster too, or even make it possible to change the secret every minute without messing up the sessions.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

  • Comment on •Re^5: Is this a secure way to prevent cookie tampering

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://370539]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2024-04-25 23:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found