comment on

What I've done in the past is to generate a fairly unique base64 string (20 digits or so) and send the user a cookie with that string when they first log in.

I figure the chance that another user guessing that is low and if they were snooping the line, well, they'd have the password anyway, so why bother with a more elaborate setup?

I then check the cookie every request and expire the cookie after a time-out of say 1/2hr or whatever (usually user alterable).

I do this over the built-in password checking because, well, I wanted to figure out how and prefer the little login boxes over the pop-up style =)

Of course, these were all in the name of seeing if I could do it, so I didn't consult the all-mightly CPAN before re-engineering the wheel.

-Ducky

In reply to Re: Session handling security by ducky
in thread Session handling security by Fingo

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


good chemistry is complicated, and a little bit messy -LW
	PerlMonks