Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re: Identifying clients

by themage (Friar)
on Dec 07, 2006 at 10:35 UTC ( #588285=note: print w/ replies, xml ) Need Help??

in reply to Identifying clients

Hi ruzam,

The way I usually handle this is by creating a MD5 of several information, including the client IP and a secret passphrase (that can be fixed - always the same, or changed at intervals, in which case all sessions would expire in the end of the period), and using this MD5 as sessionID.

This allows me to verify that the sessionID was generated for the specific IP (and maybe UserAgent, if you use this to create the MD5), and the passphrase makes it harder to generate a valid MD5 key.

To limit the number of connections per IP to a legitime limit I would use something as the Apache::SpeedLimit example given in the Writing Apache Modules book. This would prevent a bruteforce attack to the sessionID.

Talking Web
Comment on Re: Identifying clients

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://588285]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (6)
As of 2016-05-30 00:27 GMT
Find Nodes?
    Voting Booth?