Devanchya has asked for the wisdom of the Perl Monks concerning the following question:

I have a pre-existing CGI web application that needs to keep data very secure. We are running into an issue where caching of data between http sessions could help performance greatly.

The application uses standard CGI::BIN with basic mod_perl. MySQL database back end. There are two or three third party rest api calls that need to be made at least once a 'user session' (defined as when the user logs in, and until they are done). Looking through the options, I see a lot of talk about CGI::Session, CGI::SecureState and CGI::Cache. These all appear to be CGI like storable items.

I have looked but can not find any break down about which storage between http request sessions is recommended. Can someone point me towards such a break-down, or give experience about your use.

PS: I have tried standard search methods; however, I am running into a bit of a brick wall on getting started with true session saving without cookies. It does need to be relatively secure and fast, so memory storage may be best. Thank you for any hints/help.

Even smart people are dumb in most things...

Replies are listed 'Best First'.
Re: Best secure state saving in CGI application
by perrin (Chancellor) on Mar 25, 2009 at 03:08 UTC
    CGI::Session with the session ID in a cookie is the default.
      CGI::Session looks like it is geared towards saving param data from form only. Am I missing something obvious?

      The data I would be saving would be long XML data strings or similar other REST api returns.

      Perhaps simply Cache or Cache::Memory would work better.

      Even smart people are dumb in most things...
        It's a generic storage system. It doesn't matter what you store in it.
Re: Best secure state saving in CGI application
by bradcathey (Prior) on Mar 25, 2009 at 17:48 UTC

    perrin is right, and when I can't use CGI::Application and its handy Plugin::Session, I go with CGI::Session. I don't know if it's more secure, but we have used CGI::Session::Driver::flexmysql to store sessions in a MySQL database (usually because we are going with load-balancing servers and can't rely on storing them in the traditional /tmp directory).

    —Brad
    "The important work of moving the world forward does not wait to be done by perfect men." George Eliot
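
An added example, not code from any poster in this thread: caching a REST response server-side with CGI::Session so that only the session ID reaches the browser. The `fetch_profile_xml` helper and the `profile_xml` key are hypothetical, and the file driver stands in for the MySQL-backed driver mentioned above so the script runs without a database.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;
use File::Spec;

my $cgi = CGI->new;

# Server-side store: the data stays on the server, the browser only
# ever sees the session ID. Assumption: in production, point Directory
# at a path readable only by the web server user, or use a DB driver.
my $session = CGI::Session->new(
    'driver:file', $cgi, { Directory => File::Spec->tmpdir }
) or die CGI::Session->errstr;

$session->expire('+30m');    # idle timeout for the whole session

# Hypothetical stand-in for one of the third-party REST calls;
# the returned XML is a constructed sample.
sub fetch_profile_xml {
    return '<profile><name>constructed sample</name></profile>';
}

# Fetch once per user session; later requests reuse the stored copy.
my $xml = $session->param('profile_xml');
unless (defined $xml) {
    $xml = fetch_profile_xml();
    $session->param('profile_xml', $xml);
    $session->expire('profile_xml', '+10m');    # cached value ages out sooner
}
$session->flush;    # write the session to storage now

# Build the cookie by hand so Secure and HttpOnly can be set:
# the ID is then sent only over HTTPS and is not readable from JavaScript.
my $cookie = $cgi->cookie(
    -name     => $session->name,
    -value    => $session->id,
    -secure   => 1,
    -httponly => 1,
);

print $cgi->header(-type => 'text/plain', -cookie => $cookie);
print 'cached XML length: ', length($xml), "\n";
```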