PerlMonks
What I've done in the past is to generate a fairly unique base64 string (20 digits or so) and send the user a cookie with that string when they first log in. I figure the chance of another user guessing that is low and if they were snooping the line, well, they'd have the password anyway, so why bother with a more elaborate setup? I then check the cookie every request and expire the cookie after a time-out of say 1/2hr or whatever (usually user alterable). I do this over the built-in password checking because, well, I wanted to figure out how and prefer the little login boxes over the pop-up style =) Of course, these were all in the name of seeing if I could do it, so I didn't consult the all-mighty CPAN before re-engineering the wheel.

-Ducky

In reply to Re: Session handling security by ducky
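The scheme described in the post above (random 20-character token in a cookie, checked on every request, idle time-out of half an hour), as an added example that is not ducky's code. It assumes `/dev/urandom` as the random source and an in-memory hash as the session store; the function names and the `session` cookie name are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64url);
use Digest::SHA  qw(sha256_hex);

my $IDLE_TIMEOUT = 30 * 60;  # seconds; the post's "1/2hr" time-out
my %sessions;                # sha256(token) => { user, last_seen }; stand-in for a real store

# 15 bytes from the kernel CSPRNG encode to exactly 20 base64url characters.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, 15);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 15;
    return encode_base64url($bytes);
}

# Called once, after the password check succeeds; returns the cookie value.
sub start_session {
    my ($user, $now) = @_;
    my $token = new_token();
    # Store only a hash of the token: a leaked store does not yield usable
    # cookies, and lookup is by hash key rather than by string comparison.
    $sessions{ sha256_hex($token) } = { user => $user, last_seen => $now };
    return $token;
}

# Called on every request; returns the user name, or undef if not logged in.
sub check_session {
    my ($token, $now) = @_;
    return unless defined $token && $token =~ /\A[A-Za-z0-9_-]{20}\z/;
    my $key = sha256_hex($token);
    my $s   = $sessions{$key} or return;
    if ($now - $s->{last_seen} > $IDLE_TIMEOUT) {
        delete $sessions{$key};   # expire server-side, not only in the browser
        return;
    }
    $s->{last_seen} = $now;       # sliding idle time-out
    return $s->{user};
}

# Constructed demo: log in, use the session, then let it idle out.
my $t0     = time;
my $cookie = start_session('ducky', $t0);
print "Set-Cookie: session=$cookie; HttpOnly; Max-Age=$IDLE_TIMEOUT\n";
printf "10 min later:  %s\n", check_session($cookie, $t0 + 600)  // 'rejected';
printf "55 min later:  %s\n", check_session($cookie, $t0 + 3300) // 'rejected';
printf "guessed token: %s\n", check_session('A' x 20, $t0)       // 'rejected';
```

The time-out is enforced against `last_seen` on the server, so a client that keeps or replays the cookie past the cookie's own expiry is still rejected.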