Vlad Seryakov wrote:
> Why not to use nsv_incr to generate sequential session id?
>
> Or sequential ids is a bad idea?
>

It makes it super easy to hijack sessions. They are supposed to be difficult to brute force.

> Ian Harding wrote:
>
>> Stephen Deasey wrote:
>>
>>> On Sun, Feb 15, 2009 at 6:55 PM, Ian Harding <harding....@gmail.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I am migrating to Naviserver from AOLServer mostly because of the
>>>> excellent nsdbi module.
>>>>
>>>> My existing code is dependent on the nssession module
>>>> http://bas.scheffers.net/aolserver/ . It doesn't compile and run
>>>> unmodified under Naviserver, but before I start hacking on it, is
>>>> there an existing session module or a tcl solution that someone else
>>>> has already written?
>>>>
>>> I'm not sure that it's worth porting that module. The cache locking is
>>> broken, the file handling looks dodgy, and in general it has some odd
>>> ideas about configuration and string handling.
>>>
>>> If all you need to do is replicate some ns_session Tcl commands so
>>> your existing code works then the easiest way would be to create a
>>> work-alike using the existing naviserver Tcl commands:
>>>
>>> * cookie handling: naviserver has this built in:
>>>   http://naviserver.sourceforge.net/n/naviserver/files/ns_cookie.html
>>>
>>> * caching: also now built in:
>>>   http://naviserver.sourceforge.net/n/naviserver/files/ns_cache.html
>>>
>>> * persisting the session: just use nsdbi, if you're already using
>>>   it. If you really want to use the file system, use ns_hashpath in
>>>   nsd/pathname.c to prevent enormous directories from bogging down
>>>   the server.
>>>
>>> * ns_rand: already exposed.
>>>
>>> It will be more robust than the C nssession module, and almost
>>> certainly faster too.
>>>
>>> If you want to create something fancier as a C module, I'd be
>>> interested in helping.
>>>
>> Here is my lame hack at a tcl module. It has some problems and is not
>> done, but it does seem to work for certain small values of "work".
>>
>> http://code.google.com/p/grop/source/browse/trunk/nssession.tcl
>>
>> I want to "hide" the internal methods (id, load, etc) in a separate
>> namespace, and will use a proper session id generator. I'd like to get
>> rid of the upvar session_id. I wanted to use the connid as a key in a
>> cache to look up the session_id for those cases where there is not a
>> cookie set yet. I couldn't figure out how to get it. I was hoping
>> there was a "ns_conn id" I could use.
>>
>> Anyway, I would appreciate all input on things I am doing wrong or could
>> do better.
>>
>> - Ian
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
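
The point made in the reply above, as an added example that is not part of the original thread: a counter-based id next to one drawn from the kernel CSPRNG, with format validation and expiry enforced on lookup. It is plain Tcl 8.6 with hypothetical proc names and assumes a host with /dev/urandom; the in-memory dict stands in for the ns_cache or nsdbi storage suggested in the thread.

```tcl
# Added example, not code from the thread. Plain Tcl 8.6 (tclsh); all proc
# and variable names are hypothetical. Assumes a Unix-like host with /dev/urandom.

# Weak: an nsv_incr-style counter. Whoever holds id N knows N-1 and N+1.
set counter 0
proc sequential_session_id {} {
    global counter
    return [incr counter]
}

# Stronger: 128 bits from the kernel CSPRNG, hex-encoded for a cookie value.
proc random_session_id {{nbytes 16}} {
    set f [open /dev/urandom rb]
    try {
        set bytes [read $f $nbytes]
    } finally {
        close $f
    }
    if {[string length $bytes] != $nbytes} {
        error "short read from /dev/urandom"
    }
    return [binary encode hex $bytes]
}

# Accept only ids in exactly the format we issue, before any cache or DB lookup.
proc valid_session_id {id {nbytes 16}} {
    return [regexp -- [format {^[0-9a-f]{%d}$} [expr {$nbytes * 2}]] $id]
}

# Server-side table: id -> expiry time (epoch seconds).
set sessions [dict create]
proc session_create {{ttl 1800}} {
    global sessions
    set id [random_session_id]
    dict set sessions $id [expr {[clock seconds] + $ttl}]
    return $id
}
proc session_alive {id} {
    global sessions
    if {![valid_session_id $id] || ![dict exists $sessions $id]} { return 0 }
    if {[dict get $sessions $id] <= [clock seconds]} {
        dict unset sessions $id   ;# expired: drop it
        return 0
    }
    return 1
}

# Constructed demo.
set id [session_create]
puts "sequential ids: [sequential_session_id] [sequential_session_id] (next one is obvious)"
puts "random id:      $id"
puts "alive: [session_alive $id]  guessed '2': [session_alive 2]  tampered: [session_alive ${id}0]"
```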