On Thu, 14 Feb 2002 11:35:14 -0500
Perrin Harkins [EMAIL PROTECTED] wrote:
It's really a good idea to do this even when the cookie is nothing but a
session ID. A standard module for this like the one Jay mentioned would
definitely be nice.
Apache::Cookie::Encrypted seems to be the one.
Jeffrey - interesting point!
What did you have in mind to encrypt the cookie data? Perhaps you could use
Storable to serialize data structure then convert, crypt to scramble and
then MIME64 to text encode?
I agree with you on processing delays - that is probably the biggest
drawback to needing
On Thu, 2002-02-14 at 06:17, Jay Lawrence wrote:
Jeffrey - interesting point!
What did you have in mind to encrypt the cookie data? Perhaps you could use
Storable to serialize data structure then convert, crypt to scramble and
then MIME64 to text encode?
I am not encrypting the session
When the cookie is recovered, I simply decode, uncompress, thaw, check
the digest, and thaw the inner object.
It's really a good idea to do this even when the cookie is nothing but a
session ID. A standard module for this like the one Jay mentioned would
definitely be nice.
My strategy for
Perrin Harkins wrote:
When the cookie is recovered, I simply decode, uncompress, thaw, check
the digest, and thaw the inner object.
It's really a good idea to do this even when the cookie is nothing but a
session ID. A standard module for this like the one Jay mentioned would
definitely be
I dunno... That sounds lie a LOT of overhead for just a session ID
that's gonna result in server lookups too...
It's really not. It adds a negligeble amount of time to the request. As
Jeffrey pointed out, the functions he's using are all in C and very fast.
Why verify session IDs? To make