Re: Re: Re: Is this a secure way to handle login?

in reply to Re: Re: Is this a secure way to handle login?
in thread Is this a secure way to handle login?

Hello.

The method described here is not the same as regular session management. In the regular session management, the session id stays still during the session. Here, it is supposed to change on every page load.

Update: It seems I'm the one who misunderstood the method. However, I think my method (creating a new ID on every page load) would be a bit more secure.

--
Alper Ersoy

Comment on Re: Re: Re: Is this a secure way to handle login?

Replies are listed 'Best First'.
Re: Re: Re: Re: Is this a secure way to handle login? by tipthepizzaguy (Initiate) on Mar 28, 2002 at 05:19 UTC
The method I discribed does keep the session ID constant during the session. The random number is created at login and does not change until the user logs in again.	[reply]

In Section Seekers of Perl Wisdom