Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re: Re: Re: Perl Win32 Apache/IIS Session Management

by sifukurt (Hermit)
on Jan 16, 2002 at 19:47 UTC ( #139224=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Perl Win32 Apache/IIS Session Management
in thread Perl Win32 Apache/IIS Session Management

Absolutely. Home-brewed solutions tend to end up like CipherTextI. In the past, I've used a fairly simple system that I described in a previous thread, Administration Ignorance. In that example, I use Crypt::RC4, though there are any number of other quality encryption modules that you could use in its place. In addition to Crypt::RC4 and the two modules mentioned by moodster, I'd also suggest Crypt::Rijndael and Crypt::Blowfish. All of these modules are easy to use and relatively fast.
___________________
Kurt
  • Comment on Re: Re: Re: Perl Win32 Apache/IIS Session Management

Replies are listed 'Best First'.
IIS sessions from perl?
by learn_forever (Acolyte) on Jan 16, 2002 at 20:22 UTC
    I agree with Cyphering, but we got to remember that the calling code is written in ASP.

    Does ASP supports the encryptions as the same way as Perl does, to have a exact crypt->decrypt pair?

    Now coming back to original case, can anyone give me an idea how one can fetch the session information of IIS from perl code(I mean .pl codes not the perlscripted ASP code)?

    If yes how can I initiate IIS session object in my perl code which would reurn me session data.

    Thanks
      Now coming back to original case, can anyone give me an idea how one can fetch the session information of IIS from perl code(I mean .pl codes not the perlscripted ASP code)?

      If yes how can I initiate IIS session object in my perl code which would reurn me session data.
      I've already explained in the first post that you can't access the IIS Session object anywhere EXCEPT from the ASP application. That's why I suggested dumping the Session data somewhere for the non-ASP code to read. Reread my original post.
      Does ASP supports the encryptions as the same way as Perl does, to have a exact crypt->decrypt pair?
      ASP isn't a language. From your post it is not clear what language you are using in your ASP. It suggests you are using PerlScript rather than VBScript. If you're using PerlScript, then yes, you can encrypt/decrypt in the same way you can in normal perl scripts. If you're using VBScript, you'll have to find an encryption component that uses a known encryption method so you can decrypt in perl.

      But by far the easiest method is that which I described earlier: Iterate through the ASP Session collection and store the data on the server (database or file). Associate a random key with that data, and use that key in the querystring. So when you link to your Apache website, you do something like this:

      http://apacheserver/myscript.pl?id=fh45sg#45dgf.
      Your perl script then accesses and reads in the session data into a hash. Make sure that the key is as random as possible and difficult to guess someone else's key. Making them invalid after a certain time would also be a good precaution.

      Simon Flack ($code or die)
      $,=reverse'"ro_';s,$,\$,;s,$,lc ref sub{},e;$,
      =~y'_"' ';eval"die";print $_,lc substr$@,0,3;

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://139224]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (6)
As of 2022-08-11 08:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?