
(bbq) Re: Re: Login and Session Thoughts

by BBQ (Deacon)
on Dec 04, 2000 at 22:16 UTC

in reply to Re: Login and Session Thoughts
in thread Login and Session Thoughts

I second Fastolfe's suggestion with one minor variation:

Instead of setting one cookie with the username + password, what I usually do is set two cookies with different expires. Username expires whenever you want, and password expires at the end of the browser session. Unless it were a low security requirement site (such as perlmonks, we aren't exactly the NSA here :)) I would never keep the full combination of usernames and passwords on the cookie at the client.

It's way too easy for someone to use the same computer later, inspect the cookies and use that information to impersonate the user. Just my US$0.02.

# Trust no1!
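
Added example, not part of the original post: a Perl check that applies the rule described above to a response's Set-Cookie headers, reporting which cookies are session-only and flagging any credential cookie that would persist on disk. The sample headers, cookie names and the list of credential-like names are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample response headers (not taken from the post or any real site).
my @headers = (
    'Set-Cookie: username=alice; Path=/; Expires=Wed, 03 Jan 2001 22:16:00 GMT',
    'Set-Cookie: password=PLACEHOLDER; Path=/',
    'Set-Cookie: passwd=PLACEHOLDER; Path=/; Max-Age=2592000',
);

# Cookie names treated as credentials; this list is an assumption.
my $credential_name = qr/^(?:pass(?:word|wd)?|pw|secret)$/i;

# Parse one Set-Cookie header into its name and lifetime class.
sub classify_cookie {
    my ($header) = @_;
    my ($value) = $header =~ /^Set-Cookie:\s*(.*)$/i or return;
    my ($pair, @attrs) = split /\s*;\s*/, $value;
    return unless defined $pair;
    my ($name) = split /=/, $pair, 2;
    # A cookie with neither Expires nor Max-Age is dropped when the browser
    # closes; either attribute makes it persist on the client.
    my $persistent = grep { /^(?:expires|max-age)\s*=/i } @attrs;
    return { name => $name, persistent => $persistent ? 1 : 0 };
}

for my $h (@headers) {
    my $c = classify_cookie($h) or next;
    my $life = $c->{persistent} ? 'persistent' : 'session';
    # The rule from the post: a credential must not outlive the browser session.
    my $flag = ($c->{persistent} && $c->{name} =~ $credential_name)
        ? '  <-- credential outlives the browser session'
        : '';
    printf "%-10s %-10s%s\n", $c->{name}, $life, $flag;
}
```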