Re: CGI::Session, method to stop account sharing

What about simply having a hash mapping usernames to their most recent session ID?

If the user is just logging on, update the hash. If the user is doing anything else, check to make sure that their current session matches the one in the hash.

Comment on Re: CGI::Session, method to stop account sharing

Replies are listed 'Best First'.
Re^2: CGI::Session, method to stop account sharing by Anonymous Monk on Apr 15, 2011 at 11:54 UTC
That's a good idea... but I must use memcached, as this code needs to run on a farm of webservers (each one pushing as much throughput as possible), with many memcached servers. This may be premature... but after reading the CGI::Session::Driver::memcached code, I believe, that in my case, it's unusable. It uses the sid as the key. This will fill up my 4G memcached space in no time. Since the sid is random, I won't have any practical method to age out sessions. I have already written my own driver to replace it. Thanks for your reply.	[reply]

Replies are listed 'Best First'.

Re^2: CGI::Session, method to stop account sharing
by Anonymous Monk on Apr 15, 2011 at 11:54 UTC

That's a good idea... but I must use memcached, as this code needs to run on a farm of webservers (each one pushing as much throughput as possible), with many memcached servers. This may be premature... but after reading the CGI::Session::Driver::memcached code, I believe, that in my case, it's unusable. It uses the sid as the key. This will fill up my 4G memcached space in no time. Since the sid is random, I won't have any practical method to age out sessions. I have already written my own driver to replace it. Thanks for your reply.

[reply]