Phoenix.pm: Keeping track of web logins
jim mckay
jimm at amug.org
Tue Aug 1 20:59:01 CDT 2000
Take a look at Apache-Session..
http://theoryx5.uwinnipeg.ca/mod_perl/cpan-search?filetype=%20distribution%20name%20or%20description;join=and;arrange=file;download=auto;stem=no;case=clike;site=ftp.funet.fi;age=&distinfo=108
I haven't used it but it looks interesting.. if you have any luck with it I'd be
interested in seeing what you did..
Also I think Oreilly's "Writing Apache modules with perl and c" has a chapter on
keeping state (if you have root access to apache).
Jim M
On 8/1/00 at 4:29 PM, mikec at autodispatch.com (Mike Cantrell) wrote:
> I'm wondering if someone out there has a good method of keeping track of web
> logins when going from page to page. I've ofter relied on .htaccess to
> generate a $ENV{REMOTE} user to check against but what if you aren't using
> ..htaccess and have a html based login form?
>
> 1) I've thought about setting temp cookies but that seems like a security
> problem and I'd rather not use cookies anyways.
>
> 2) creating hidden tags to pass along to the next page if it's a form but
> what if it's not a form? That also seems like a security problem.
>
> 3) encoding the login/passwd into the URL string but that seems to be a
> security problem as well. Has anyone tried encrypting the login/passwd in
> the URL string? Is there any good doc's out there on doing such a thing?
>
> 4) I often see long sessionID variables in URL strings of sites I've logged
> into but I'm not sure what they are doing with it.
>
> Anyone else know of a better way?
>
> Best Regards,
> Mike Cantrell
>
More information about the Phoenix-pm
mailing list