RE: Encrypting or Hiding Certain Info in a URL

Generally you would save the username and password in a table with a unique user id of some sort. When the user logs in, you check that the username and password are valid and then you save the session id to a cookie or pass it back as part of the url. Your authentication scheme can then verify that the user is who they say they are for each page access. Apache::Session and CGI come in extremely handy for handling these matters. There are other ways to handle this will mod_perl, I recommend taking a look at Writing Apache Modules with Perl and C book by Lincoln Stein and Doug MacEachern. Especially chapter 6, if this is an option.

HTH

Comment on RE: Encrypting or Hiding Certain Info in a URL

Replies are listed 'Best First'.
RE: RE: Encrypting or Hiding Certain Info in a URL by Anonymous Monk on Aug 03, 2000 at 11:15 UTC
If you plan implementing session id's make sure that they are dynamic, and expire after say an hour. Each time the person logs in their session id is good for about an hour, or less. If the session id is static, it's just as good as a password.	[reply]

If you plan implementing session id's make sure that they are dynamic, and expire after say an hour. Each time the person logs in their session id is good for about an hour, or less. If the session id is static, it's just as good as a password.

If you plan implementing session id's
make sure that they are dynamic, and expire after say an hour.
Each time the person logs in their session id is good for about an hour, or less.
If the session id is static, it's just as good as a password.