Xenofur has asked for the wisdom of the Perl Monks concerning the following question:
Hello Monks,
I am currently working on a website which currently uses the "let's use time() as the session cookie and not check anything else" approach to user authentication.
As I've never written a login system before I could try and roll my own and stumble into many traps on the way. Thus I'd like to ask if you can suggest to me a method that uses existing CPAN modules and also general guidelines for how to apply it given a standard structure of mysql db with accounts having id, username, email and password.
Currently I'm planning to replace the timestamp with a Data::GUID as well as add in an MD5 hash of the username, password and the first two tuplets of the user ip. Both of these would be stored in a simple table, checked on every user action.
I am currently working on a website which currently uses the "let's use time() as the session cookie and not check anything else" approach to user authentication.
As I've never written a login system before I could try and roll my own and stumble into many traps on the way. Thus I'd like to ask if you can suggest to me a method that uses existing CPAN modules and also general guidelines for how to apply it given a standard structure of mysql db with accounts having id, username, email and password.
Currently I'm planning to replace the timestamp with a Data::GUID as well as add in an MD5 hash of the username, password and the first two tuplets of the user ip. Both of these would be stored in a simple table, checked on every user action.
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re: Best practices for secure persistent login?
by perrin (Chancellor) on May 27, 2009 at 17:53 UTC | |
by Xenofur (Monk) on May 27, 2009 at 22:01 UTC |
Back to
Seekers of Perl Wisdom