[sf-perl] Secure Cookies outside of catalyst?
not.com at gmail.com
Sat Dec 4 11:24:44 PST 2010
If you want to prevent end-user tampering (and not third-party
eavesdropping), you don't need the "secure" flag - which will only send
the cookie over https - or the "httponly" flag - which will prevent
you need to do one of two things:
1. Encrypt the cookie's data before sending it to the browser and
   decrypt on the way back.
2. Generate a large random identifier that you use to look up the session data.
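
A sketch of option 2 in plain Perl, outside Catalyst. This is an added example, not code from the original post. The names `new_session_id`, `create_session`, `load_session`, the cookie name `sid` and the in-memory `%SESSIONS` store are hypothetical, and it assumes a Unix-like system that provides /dev/urandom.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# In-memory store for this sketch (assumption); a real application would
# keep sessions in a database or cache shared by its processes.
my %SESSIONS;

# 32 bytes (256 bits) from the kernel CSPRNG, hex-encoded to 64 characters.
sub new_session_id {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $buf, 32);
    close($fh);
    die "short read from /dev/urandom" unless defined $n && $n == 32;
    return unpack('H*', $buf);
}

# The session data stays on the server; only the opaque id goes in the cookie.
sub create_session {
    my (%data) = @_;
    my $id = new_session_id();
    $SESSIONS{$id} = { data => {%data}, expires => time + 3600 };
    return $id;
}

# Resolve a cookie value to session data, or undef when the value is
# malformed, unknown or expired.
sub load_session {
    my ($cookie_value) = @_;
    return undef unless defined $cookie_value && $cookie_value =~ /\A[0-9a-f]{64}\z/;
    my $s = $SESSIONS{$cookie_value} or return undef;
    if ($s->{expires} < time) {
        delete $SESSIONS{$cookie_value};
        return undef;
    }
    return $s->{data};
}

# Constructed sample data.
my $id = create_session(user => 'alice', role => 'member');
print "Set-Cookie: sid=$id; Path=/\n";

# The untouched id resolves to the stored data.
my $ok = load_session($id);
print "valid id -> role=$ok->{role}\n";

# An id edited by the end user is simply not present in the store.
(my $tampered = $id) =~ s/\A(.)/$1 eq '0' ? '1' : '0'/e;
print "tampered id -> ", (defined load_session($tampered) ? "accepted" : "rejected"), "\n";
```

Because the cookie carries nothing but the identifier, editing it cannot change the role or user stored on the server; it can only produce an id that fails the lookup.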