XP is just a number | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Don't put the username/password combo in the cookie, encrypted or not. Instead, on the intial login, get their username/password and do the authentication. Once authenticated, put their username in a database paried with a unique session ID (I usually use Data::UUID for that) and send the session ID in the cookie. On subsequent entries, you check the session ID against your database. Keep another script in a crontab that deletes old session IDs from the database. There are various authentication modules in the Apache:: namespace, but most of them only work if you're running mod_perl on Apache. ---- Note: All code is untested, unless otherwise stated In reply to Re: Two-Way Password Encryption
by hardburn
|
|