crypting

Marty Pauley marty+belfast-pm at kasei.com
Mon Jun 10 12:28:11 CDT 2002


On Mon Jun 10 15:06:16 2002, Scott McWhirter wrote:
> On Mon, Jun 10, 2002 at 02:17:07PM +0100, Marty Pauley wrote:
> > What are you planning to use this for?                                                          
> AuthCookies $session_key.
> $string = $id . ':' md5hex(join ':',$id,$secret,$expiry);
> where is is their user id, secret is a secret phrase and expiry is a
> server-side expiry datetime.
>
> That sounds acceptable to me, but please please DO prove me wrong.

How do you check if the session key is still valid?
For example, if $id=1 and $secret="foo", is
$string="1:ddc5ddfe6f67d74c761dcd6e107ca6aa" a valid session id?

How do you extract the expiry time from $string?

I think you need encryption, not hashing.

use Crypt::Simple; I wrote it to use with cookies.

Have fun!

-- 
Marty
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 212 bytes
Desc: not available
Url : http://mail.pm.org/archives/belfast-pm/attachments/20020610/afb8c2c5/attachment.bin


More information about the Belfast-pm mailing list