If you want to avoid the database hit, use a one-way keyed hash of the name or session ID or something. Then you can re-compute it quickly without the disk hit, to see if it matches.

Re: Re: Authenticate with Cookies
by Anonymous Monk on Dec 25, 2002 at 20:40 UTC
    I understand what you mean, but am not sure how to do it in practice. You are saying that I could run some computation to translate the username into a unique set of numbers. This computation would be done the same way for all the usernames, letting me easily see if the username and number matches, right?

    How would I compute a set of numbers from the username?
    Thanks
      See the Digest::HMAC module, which does that. The result is not unique, but hard to guess because it's 128 or 160 bits, and impossible to figure backwards other than guessing, and nobody else can do it without knowing the same key. Read up on "digest", "one-way hashing function" and "keyed hashing" as a cryptographic primitive.
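The keyed-hash cookie described in the replies above, written out as an added Python example (not code from the thread, which points at Perl's Digest::HMAC): the server signs "username|expiry" with a secret key, and later checks the cookie by recomputing the MAC instead of hitting the database. The key, the cookie layout and the use of HMAC-SHA256 (instead of the 128- or 160-bit digests mentioned) are assumptions of this example.

```python
import base64
import hashlib
import hmac

# Constructed secret for this example only; a real server loads a random
# key from configuration and never hard-codes it in source.
SECRET_KEY = b"example-secret-key-change-me"


def make_cookie(username: str, expires_at: int, key: bytes = SECRET_KEY) -> str:
    """Return 'username|expires|mac' where mac = HMAC-SHA256(key, 'username|expires').

    Signing the expiry too means a stolen cookie cannot be used forever.
    """
    if "|" in username:
        raise ValueError("username may not contain the field separator")
    payload = f"{username}|{expires_at}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return payload + "|" + base64.urlsafe_b64encode(mac).decode().rstrip("=")


def verify_cookie(cookie: str, now: int, key: bytes = SECRET_KEY):
    """Return the username if the cookie is authentic and unexpired, else None.

    No database lookup is needed: recompute the MAC over the presented
    fields and compare it with the MAC the client sent back.
    """
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    username, expires, mac_b64 = parts
    if not expires.isdigit() or int(expires) < now:
        return None
    payload = f"{username}|{expires}"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    try:
        # Restore the base64 padding stripped when the cookie was issued
        got = base64.urlsafe_b64decode(mac_b64 + "=" * (-len(mac_b64) % 4))
    except ValueError:
        return None
    # Constant-time comparison so a forger learns nothing from response timing
    if not hmac.compare_digest(expected, got):
        return None
    return username
```

Anyone who edits the username or expiry in the cookie invalidates the MAC, and without the key they cannot produce a matching one; keep the key out of the cookie and out of client-visible code.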