Greetings Monks

I'm writing a CGI and I want to have authenticated sessions. I can to authentication fine, but I've never done sessions before. I've always written CGI that accept credentials and commands in one go, so I never had to do any kind of sessions before.

Yes, this will be SSL encrypted.

Cookies seem to be involved, but I don't know a thing about what they should look like, how they should act, etc...

I'm thinking of using the concept from one-time-passwords. The server generates a new token on each request and only accepts each token once. If a baddie gets the token they can't use it if the legit user already has, or if they use it before the legit user, the legit user gets locked out and they know something is wrong.

I'm trying to do something that really wants authenticated sessions and I really want to do this right.

Update:

Even if I don't write my own session handler, I should know how sessions are supposed to work so I can pick a good one to use.

In reply to Session Security? by pileofrogs

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.