Don't ask to ask, just ask | |
PerlMonks |
Re: Cookie based authentication: Is it secure?by wardk (Deacon) |
on Aug 28, 2000 at 21:14 UTC ( [id://30007]=note: print w/replies, xml ) | Need Help?? |
Recently used cookies for authentication at a customer site. While I can't submit any code from that particular project. Here is how I addressed the problem.
Some of the "extra" data I encrypted was date info, so it also acted as a user timeout. (handled by my program, not using a cookie "expire") Not sure I've explained it clearly, but this technique worked, and worked fast. One gotcha is crypt can create some characters that can get hosed sending via the server, so I had some additional escape'ing of non-valid cookie characters. Since I seemed to have rambled a bit here, and I am pressed for time, feel free to email me for a clearer explantion. wardk@wardk.org
In Section
Seekers of Perl Wisdom
|
|