in reply to Re: mod_perl and PHP in thread mod_perl and PHP
The reason why I have encrypted cookies is to store the session key on them. Not the session's information. That would make the cookie too big and I feel that would be an abuse of the system. If I don't encrypt the cookies there stands a chance of someone going in and mucking around with the cookie to see what they can do. I've seen it happen and I'm not about to take chances with my client's data. I'm being paid to be paranoid. Anyways, I've learned that PHP also has the ability to decrypt with Blowfish so I think I have the problem solved. What I wanted to do was use PerlAccessHandler and create a module to grab the cookie and allow access to the PHP module. The problem with doing that is when the handler lets it through, how does the PHP module know what the session id is or the member id. PerlAccessHandler can't pass anything to the PHP through Apache.
Hey if I'm wrong, I'd love to hear it.
BMaximus
|