in reply to Re^2: CGI::Session --help
in thread CGI::Session --help

You're right, but it does resolve the original request, which the much better cookie method doesn't.

You could improve the security of a URL-based session id by:

use CGI::Session ( '-ip_match' );
which will only allow the session if it's coming from the same IP number (downside: if your ISP changes your IP address mid-session, you'll be logged out).

Also you can improve things a little by timing out the session relatively quickly.

It's worth noting that the same security hole exists using cookies, in that somebody with a copy of your cookie could get access as you. It's just that it's a little harder for you to publish your cookie inadvertently.
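The two measures described above (IP matching and a short timeout) as a minimal CGI script. This is an added example, not part of the original post; the file driver, the `/tmp/sessions` directory (which must already exist), the 15-minute timeout and the `user` session key are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session ('-ip_match');    # only honour a session from the address that created it

my $q    = CGI->new;
my $name = CGI::Session->name;     # parameter/cookie name, CGISESSID by default

# Session id as supplied by the client in the URL (may be absent or stale).
my $claimed = scalar $q->param($name);

# new() resumes the claimed session only if it exists, has not expired and,
# with -ip_match, the client address matches; otherwise it hands back a
# fresh, empty session with a different id.
my $session = CGI::Session->new('driver:file', $q,
                                { Directory => '/tmp/sessions' })   # assumed path
    or die CGI::Session->errstr;

# Short idle timeout: the session expires 15 minutes after its last access.
$session->expire('+15m');

# The client is only "logged in" if the id it sent is the id we resumed
# and a login step (not shown) stored a user in that session.
my $resumed = defined $claimed && $claimed eq $session->id;

print $q->header('text/plain');
if ($resumed && defined $session->param('user')) {    # 'user' is a hypothetical key
    print "Session resumed for ", $session->param('user'), "\n";
}
else {
    print "No valid session, please log in.\n";
}
```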

Re^4: CGI::Session --help
by moritz (Cardinal) on Aug 28, 2007 at 12:16 UTC
    You're absolutely right. Somehow the original question sounds like an XY Problem because it's not the usually desired behaviour.

      I Asked X , I Mean X and I Want A Solution For X ...Period !!
      --
      Thnx n Regards

      Cherry