Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I'm using CGI::Session with the memcached driver. I'm wondering if there is an accepted method to prevent the sharing of accounts (username/password). Thank you.
  • Comment on CGI::Session, method to stop account sharing

Replies are listed 'Best First'.
Re: CGI::Session, method to stop account sharing
by SuicideJunkie (Vicar) on Apr 13, 2011 at 19:24 UTC

    What about simply having a hash mapping usernames to their most recent session ID?

    If the user is just logging on, update the hash. If the user is doing anything else, check to make sure that their current session matches the one in the hash.

[reply]
      That's a good idea... but I must use memcached, as this code needs to run on a farm of webservers (each one pushing as much throughput as possible), with many memcached servers. This may be premature... but after reading the CGI::Session::Driver::memcached code, I believe, that in my case, it's unusable. It uses the sid as the key. This will fill up my 4G memcached space in no time. Since the sid is random, I won't have any practical method to age out sessions. I have already written my own driver to replace it. Thanks for your reply.
[reply]
Re: CGI::Session, method to stop account sharing
by Anonymous Monk on Apr 13, 2011 at 17:05 UTC
    What do you mean?
[reply]
      Stop duplicate simultaneous logins.
[reply]

Back to Seekers of Perl Wisdom