PerlMonks
You should take a look at Apache::Session. It might be what you're looking for.
Seriously, store only a session id in the cookie. Don't store a cleartext user id, and make sure you somehow make it impossible to calculate a valid session id. That is, the session id must be a large number - too large to be brute-forced. The distribution of the algorithm that produces the session id must be flat. And - of course - make sure the login is performed over an HTTPS connection. Other than that, make sure you properly process anything the users submit through forms or URL tampering.

In reply to Re: How to make a secure website
by Jeppe
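The session-id advice in the reply above, worked through in Perl as an added example (this is not Jeppe's code and not Apache::Session's). It assumes a Unix host with /dev/urandom and uses an in-memory hash in place of a real session store; the function names (weak_session_id, new_session_id, create_session, lookup_session, session_cookie_header) are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64url);   # core module
use Digest::SHA  qw(sha256_hex);         # core module

# Server-side session table: sha256(id) => session data.
# Only the hash is stored, so a leaked copy of the table does not yield usable ids.
my %sessions;

# DON'T: the id is built from a tiny, guessable input space. srand(time)
# means anyone who knows roughly when the login happened can reproduce it,
# and the cleartext user id invites tampering.
sub weak_session_id {
    my ($user_id) = @_;
    srand(time);
    return $user_id . '-' . int(rand(1_000_000));
}

# DO: 256 bits straight from the OS CSPRNG. Too large to brute-force, and
# every value is equally likely, so the distribution is flat.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $bytes, 32);
    close $fh;
    die "short read from /dev/urandom" unless defined $n && $n == 32;
    return encode_base64url($bytes);     # 43 cookie-safe characters
}

sub create_session {
    my ($user_id) = @_;
    my $sid = new_session_id();
    $sessions{ sha256_hex($sid) } = { user => $user_id, created => time };
    return $sid;                         # the only thing the browser ever sees
}

sub lookup_session {
    my ($sid) = @_;
    # Reject anything that is not exactly the shape we issue before touching the table.
    return unless defined $sid && $sid =~ /\A[A-Za-z0-9_-]{43}\z/;
    return $sessions{ sha256_hex($sid) };
}

# The cookie carries the opaque id and nothing else. Secure keeps it off
# plain HTTP, HttpOnly keeps it away from script, SameSite limits cross-site use.
sub session_cookie_header {
    my ($sid) = @_;
    return "Set-Cookie: sid=$sid; Path=/; Secure; HttpOnly; SameSite=Lax";
}

# Constructed demo: user id 42 logs in.
my $sid = create_session(42);
print "weak id would have been: ", weak_session_id(42), "\n";
print session_cookie_header($sid), "\n";

my $s = lookup_session($sid);
print "session resolves to user $s->{user}\n" if $s;
print "tampered id rejected\n" unless lookup_session('42-123456');
```

In a real deployment the %sessions hash would be an Apache::Session (or similar) backend, and the id check on the way in is the same: a fixed-shape, opaque token looked up server-side, with the user's identity never leaving the server.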