It sounds like you aren't authenticating requests that send a valid session id. Isn't that your root problem? Are you building obscurity instead of security?

You can't keep URLs private. They'll show up in HTTP headers, log files, browser histories, bookmarks, cut and paste buffers, plain text e-mails, etc.

Session IDs should only identify session state stored on your server; they should not grant access or leak the contents of your server. Ideally the client authenticates using digest mode or some other challenge-response system. (Modern browsers even do this correctly.) If you have lots of CPU, basic authentication over HTTPS is also good. If your data isn't sensitive, you could "trust" an IP address for a limited time.

At the very least, add an authentication step to your code. It will make your security solution easy to understand. And big red flags will wave if you see:

sub authenticate_user { return 1 }


In reply to Re: Mod_Perl Handlers And Getting Rid Of Sessions In The URL by blssu
in thread Mod_Perl Handlers And Getting Rid Of Sessions In The URL by Revelation
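
An added example, not part of the post above and not code from the thread: one way an `authenticate_user` step could verify an HTTP Digest (RFC 2617, qop=auth) response against state held on the server. The user table, the nonce store and the sample header are constructed here, using the sample values from RFC 2617.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Constructed server-side state. HA1 = MD5(user:realm:password), so the
# cleartext password is never stored.
my $REALM = 'testrealm@host.com';
my %HA1   = (Mufasa => md5_hex(join ':', 'Mufasa', $REALM, 'Circle Of Life'));
# Nonces this server issued and has not expired (hypothetical in-memory store).
my %ISSUED_NONCE = ('dcd98b7102dd2f0e8b11d0f600bfb0c093' => { last_nc => 0 });

# Parse key=value and key="value" pairs from an Authorization: Digest header.
sub parse_digest_header {
    my ($header) = @_;
    return unless defined $header && $header =~ s/^Digest\s+//i;
    my %p;
    while ($header =~ /(\w+)=(?:"([^"]*)"|([^\s,]+))/g) {
        $p{lc $1} = defined $2 ? $2 : $3;
    }
    return \%p;
}

# Returns the username on success, nothing (undef) on any failure.
sub authenticate_user {
    my ($method, $request_uri, $header) = @_;
    my $p = parse_digest_header($header) or return;
    for (qw(username realm nonce uri response nc cnonce qop)) {
        return unless defined $p->{$_};
    }
    return unless $p->{realm} eq $REALM && $p->{qop} eq 'auth';
    return unless $p->{uri} eq $request_uri;            # header must match the request
    my $ha1   = $HA1{ $p->{username} }       or return; # unknown user
    my $nonce = $ISSUED_NONCE{ $p->{nonce} } or return; # nonce we never issued
    return unless $p->{nc} =~ /^[0-9a-f]{8}$/i;
    return unless hex($p->{nc}) > $nonce->{last_nc};    # nonce count must increase
    my $ha2      = md5_hex(join ':', $method, $p->{uri});
    my $expected = md5_hex(join ':', $ha1, @$p{qw(nonce nc cnonce qop)}, $ha2);
    return unless lc $p->{response} eq $expected;
    $nonce->{last_nc} = hex $p->{nc};
    return $p->{username};
}

my $hdr = 'Digest username="Mufasa", realm="testrealm@host.com", '
        . 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
        . 'qop=auth, nc=00000001, cnonce="0a4f113b", '
        . 'response="6629fae49393a05397450978507c4ef1"';
print defined authenticate_user('GET', '/dir/index.html', $hdr) ? "ok\n" : "denied\n";
# Same header sent again: its nc is no longer above the last one seen.
print defined authenticate_user('GET', '/dir/index.html', $hdr) ? "ok\n" : "denied\n";
```

The session ID plays no part in the decision: access depends on the client proving knowledge of the password for each request, and a captured header cannot be replayed against the same nonce.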
