Re: Re: Perl Cookie Encryption
by saintmike (Vicar) on Apr 08, 2004 at 22:38 UTC ( [id://343787]=note )
> An easy way would be saving the remote IP together with browser signature inside the session, and rejecting any request not matching the stored info.

The client's IP often changes in between requests. If the client's ISP is using a rotating proxy (which many big ISPs do), this is so common that it renders this approach unusable. There is no 100% secure and browser-independent way to prevent a stolen cookie being replayed by the thief, impersonating the user.
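The trade-off discussed in this reply, as an added example that is not part of the thread or any poster's code: a session check bound to IP plus browser signature, run next to one bound to the browser signature alone. The function names `fingerprint` and `session_ok`, the hashing of the bound attributes, and all addresses and User-Agent strings are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Hash of the request attributes the session is bound to (hypothetical layout).
# $bind_ip selects the quoted scheme (IP + browser signature) or signature only.
sub fingerprint {
    my ($req, $bind_ip) = @_;
    my @parts = ($req->{user_agent});
    push @parts, $req->{remote_ip} if $bind_ip;
    return sha256_hex(join "\0", @parts);
}

# True when the request matches the fingerprint saved at login.
sub session_ok {
    my ($stored_fp, $req, $bind_ip) = @_;
    return fingerprint($req, $bind_ip) eq $stored_fp;
}

# Constructed sample requests (documentation address ranges, made-up User-Agents).
my $ua    = 'ExampleBrowser/1.0 (constructed)';
my $login = { remote_ip => '192.0.2.10', user_agent => $ua };
my @requests = (
    [ 'same user, same IP',           { remote_ip => '192.0.2.10',   user_agent => $ua } ],
    [ 'same user, ISP proxy rotated', { remote_ip => '192.0.2.77',   user_agent => $ua } ],
    [ 'replayed cookie, other UA',    { remote_ip => '198.51.100.5', user_agent => 'OtherBrowser/2.0' } ],
    [ 'replayed cookie, same UA',     { remote_ip => '198.51.100.5', user_agent => $ua } ],
);

# Evaluate every request under both binding policies and print the decision.
for my $bind_ip (1, 0) {
    my $stored = fingerprint($login, $bind_ip);
    print $bind_ip ? "Bound to IP + User-Agent:\n" : "Bound to User-Agent only:\n";
    for my $r (@requests) {
        my ($label, $req) = @$r;
        printf "  %-30s %s\n", $label,
            session_ok($stored, $req, $bind_ip) ? 'accepted' : 'rejected';
    }
}
```

With IP binding the legitimate user is rejected as soon as the proxy address rotates; with the signature alone, a replayed cookie carrying the same User-Agent is accepted.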