Re: mod_perl and PHP

Why not share everything through a database? I'm currently designing a system where you can use Zope (main system), PHP and perl. Everything is then connected to MySQL. Instead of encrypting your cookies, just give them an MD5 or random value and store all the info you now have encrypted in the cookies server-side. In short let all session and user info be stored in and retrieved from the database.

/jeorgen

Comment on Re: mod_perl and PHP

Replies are listed 'Best First'.
Re: Re: mod_perl and PHP by BMaximus (Chaplain) on Mar 25, 2001 at 17:15 UTC
The reason why I have encrypted cookies is to store the session key on them. Not the session's information. That would make the cookie too big and I feel that would be an abuse of the system. If I don't encrypt the cookies there stands a chance of someone going in and mucking around with the cookie to see what they can do. I've seen it happen and I'm not about to take chances with my client's data. I'm being paid to be paranoid. Anyways, I've learned that PHP also has the ability to decrypt with Blowfish so I think I have the problem solved. What I wanted to do was use PerlAccessHandler and create a module to grab the cookie and allow access to the PHP module. The problem with doing that is when the handler lets it through, how does the PHP module know what the session id is or the member id. PerlAccessHandler can't pass anything to the PHP through Apache. Hey if I'm wrong, I'd love to hear it. BMaximus	[reply]

Replies are listed 'Best First'.

Re: Re: mod_perl and PHP
by BMaximus (Chaplain) on Mar 25, 2001 at 17:15 UTC

PerlAccessHandler

[reply]