in reply to CGI::Session and simple authentication

You can also do nifty things, like create a hash with the current time, combined with their IP address. This helps in session tracking, and helps prevent hijacking of those sessions. The current time portion of the hash can also be used to nullify a session after a chosen timeout period you can set, or allow the user to set, via preferences.

--Chris

¡λɐp ʇɑəɹ⅁ ɐ əʌɐɥ puɐ ʻꜱdləɥ ꜱᴉɥʇ ədoH
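The scheme described in the post above, as an added example that is not part of the original post and is not CGI::Session's own code: a token that binds the issue time to the client IP and is rejected after a timeout. It uses a keyed HMAC-SHA256 instead of a bare hash so a client cannot recompute the value; the secret, timeout, token layout and function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret, loaded from protected configuration in real use.
my $SECRET  = 'constructed-demo-secret';
my $TIMEOUT = 30 * 60;    # session lifetime in seconds (assumed value)

# Hypothetical token layout: "<issued-at>:<hmac(issued-at|ip)>"
sub issue_token {
    my ($ip, $now) = @_;
    $now //= time;
    return join ':', $now, hmac_sha256_hex("$now|$ip", $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_equal {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns 'ok', 'expired' or 'invalid' for a token presented from $ip.
sub check_token {
    my ($token, $ip, $now) = @_;
    $now //= time;
    my ($issued, $mac) = ($token // '') =~ /\A(\d{1,12}):([0-9a-f]{64})\z/
        or return 'invalid';
    # The MAC covers both fields, so a changed IP or an edited timestamp fails here.
    return 'invalid' unless ct_equal($mac, hmac_sha256_hex("$issued|$ip", $SECRET));
    return 'invalid' if $issued > $now;               # issue time in the future
    return 'expired' if $now - $issued > $TIMEOUT;    # the timeout from the post
    return 'ok';
}

# Constructed sample values (documentation address ranges, fixed clock).
my $t0    = 1_401_784_500;
my $token = issue_token('192.0.2.10', $t0);
my ($ts, $mac) = split /:/, $token;
my @cases = (
    [ 'same IP, within timeout', $token,                 '192.0.2.10',   $t0 + 60 ],
    [ 'same IP, after timeout',  $token,                 '192.0.2.10',   $t0 + $TIMEOUT + 1 ],
    [ 'token replayed elsewhere', $token,                '198.51.100.7', $t0 + 60 ],
    [ 'timestamp pushed forward', ($ts + 3600) . ":$mac", '192.0.2.10',   $t0 + 3700 ],
);
printf "%-26s %s\n", $_->[0], check_token(@{$_}[1 .. 3]) for @cases;
```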

Re^2: CGI::Session and simple authentication
by Kyshtynbai (Sexton) on Jun 03, 2014 at 08:35 UTC
    Thanks! But I think an IP check is not a good option: most Internet providers are using shared IPs over NAT, so until we have switched to IPv6, when everyone will have their own real IP, an IP check is almost useless.

      Most of the Internet does have a unique IP address. Indeed, many are also NAT'd. But they too can be tracked uniquely. In the case of tracking IPs to your web site, the chances of your getting two people sharing an IP are pretty slim. In fact, there are many ways, and Perl modules, to get a visitor's actual origin. But perhaps more involved than you're willing to go for something like this.

      Best wishes.

      --Chris

      ¡λɐp ʇɑəɹ⅁ ɐ əʌɐɥ puɐ ʻꜱdləɥ ꜱᴉɥʇ ədoH

        I see. Thanks!