comment on

I do use cookies to do something like this. When the user logs in I generate a session id string containing their username, a time-stamp and a random string.

One thing I like to add to the mix is the client IP address and force a relogin if the IP address changes. This is because in an intranet envronment (such as discussed here) IP addresses are unlikely to hange during normal use. If the IP address does change then this is an indication that someone may be trying to hack (so log the attept as well!).

Typically its a good idea to not set the expiry time/date for a cookie because if yo leave it blank then it will expire at the end of the session - i.e. when the user closes his browser - which is normally the required behavious (log in once then not again).

Dingus

Enter any 47-digit prime number to continue.

In reply to Re: Re: Safely storing password by dingus
in thread Safely storing password by sdyates

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.