Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Re: Re: Maintain Session without Cookies?

by nop (Hermit)
on Feb 23, 2002 at 15:50 UTC ( #147071=note: print w/replies, xml ) Need Help??

in reply to Re: Maintain Session without Cookies?
in thread Maintain Session without Cookies?

If you embed session the URL, use some common sense:
  • if a session shows no activity for 30 minutes, kill the session and start a new one. depending on your site, this may mean asking for a login, or it may mean just cutting a new session key.
  • if a session comes in that is "inconsistent" (different browser type, different referrer, etc) with the last session request, kill the session.
  • as merlyn says here, make the session key unguessable
While these don't fix the problem completely (eg users coming in from AOL via the same AOL proxy machine might be able to swap sessions if they do it reasonably quickly), they go a long way to reduce it.
  • Comment on Re: Re: Maintain Session without Cookies?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://147071]
Eily wondered if the space was there for a reason
[Eily]: like "Replace the T, replace the y, skip one, replace the o"
[Discipulus]: it works anyway, good morning choroba
[Discipulus]: choroba i'm considering to add some connection checking to your CB tk program: something like..
[Discipulus]: i got also a parser error, but once
[KurtZ]: Code Tags

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2017-07-24 09:20 GMT
Find Nodes?
    Voting Booth?
    I came, I saw, I ...

    Results (348 votes). Check out past polls.