The cookie should be set to be good only for that session of the browser.
The result is that, even using DHCP, it will work just fine,
since when the person disconnects and re-connects from elsewhere,
they will have to re-login to the central server.
Also, what about the idea of having the central server,
which (once it checks the passwd), creates a cookie,
does an MD5 hash of the cyphertext cookie, then RSA encrypts the hash
with a public key. (then base64 encodes it all as one string and sets the cookie).
After that, subsequent calls tear off the signature field, unencrypt it, then compare the
result to their own MD5 hash of the rest of the cookie. Since IP and username, etc.
are in the cookie, those items can also be tested, giving the same protection as the other methods.
This method is only really useful of course in a place with multiple servers, one
central passwd server, etc. But it works. We use it.
What does this little button do . .<Click>;
"USER HAS SIGNED OFF FOR THE DAY"
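The signed-cookie flow described in the post above, as an added example that is not the poster's code. It assumes the Crypt::OpenSSL::RSA module, signs with the central server's private key so the other servers need only the public key, and uses SHA-256 where the post mentions MD5; the `user|ip|expiry` layout, the expiry field and the function names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);

# Central login server: after the password check, sign "user|ip|expiry".
# The field layout and the expiry are assumptions of this example.
sub issue_cookie {
    my ($priv, $user, $ip, $ttl) = @_;
    die "separator in username\n" if $user =~ /\|/;
    my $payload = join '|', $user, $ip, time + $ttl;
    $priv->use_sha256_hash;                  # SHA-256 digest, not MD5
    my $sig = $priv->sign($payload);
    # Base64 never contains '.', so it is a safe separator for the two parts.
    return join '.', encode_base64($payload, ''), encode_base64($sig, '');
}

# Any other server: returns the username, or undef if the cookie is rejected.
sub check_cookie {
    my ($pub, $cookie, $client_ip) = @_;
    my ($p64, $s64) = split /\./, $cookie // '', 2;
    return unless defined $p64 && defined $s64;
    my $payload = decode_base64($p64);
    $pub->use_sha256_hash;
    # Verify the signature before trusting any field inside the payload.
    my $ok = eval { $pub->verify($payload, decode_base64($s64)) };
    return unless $ok;
    my ($user, $ip, $expiry) = split /\|/, $payload;
    return unless defined $expiry && $expiry =~ /^\d+$/;
    return if $ip ne $client_ip;             # cookie replayed from another address
    return if $expiry < time;                # stale cookie
    return $user;
}

# Constructed demo: throwaway key pair, documentation-range IP addresses.
my $priv = Crypt::OpenSSL::RSA->generate_key(2048);
my $pub  = Crypt::OpenSSL::RSA->new_public_key($priv->get_public_key_string);
my $cookie = issue_cookie($priv, 'alice', '192.0.2.10', 3600);

# Tampered copy: payload swapped, original signature kept.
my (undef, $s64) = split /\./, $cookie, 2;
my $forged = encode_base64('root|192.0.2.10|9999999999', '') . ".$s64";

print "valid:    ", check_cookie($pub, $cookie, '192.0.2.10') // 'rejected', "\n";
print "other IP: ", check_cookie($pub, $cookie, '192.0.2.99') // 'rejected', "\n";
print "tampered: ", check_cookie($pub, $forged, '192.0.2.10') // 'rejected', "\n";
```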