Keeping track of web logins

jim mckay jimm at
Tue Aug 1 20:59:01 CDT 2000

Take a look at Apache-Session..;join=and;arrange=file;download=auto;stem=no;case=clike;;age=&distinfo=108

I haven't used it but it looks interesting.. if you have any luck with it I'd be
interested in seeing what you did.. 

Also I think Oreilly's "Writing Apache modules with perl and c" has a chapter on
keeping state (if you have root access to apache).

Jim M

On 8/1/00 at 4:29 PM, mikec at (Mike Cantrell) wrote:

> I'm wondering if someone out there has a good method of keeping track of web
> logins when going from page to page. I've ofter relied on .htaccess to
> generate a $ENV{REMOTE} user to check against but what if you aren't using
> ..htaccess and have a html based login form?
> 1) I've thought about setting temp cookies but that seems like a security
> problem and I'd rather not use cookies anyways.
> 2) creating hidden tags to pass along to the next page if it's a form but
> what if it's not a form? That also seems like a security problem.
> 3) encoding the login/passwd into the URL string but that seems to be a
> security problem as well. Has anyone tried encrypting the login/passwd in
> the URL string? Is there any good doc's out there on doing such a thing?
> 4) I often see long sessionID variables in URL strings of sites I've logged
> into but I'm not sure what they are doing with it.
> Anyone else know of a better way?
> Best Regards,
> Mike Cantrell

More information about the Phoenix-pm mailing list