Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re: Re: Secure Session Management

by Ryszard (Priest)
on Sep 07, 2002 at 08:00 UTC ( #195852=note: print w/replies, xml ) Need Help??

in reply to Re: Secure Session Management
in thread Secure Session Management

Almost, but not quite (IMO). You dont need to send the username to the browser, and think about adding an expiry date to your session database.


  1. The user logs in
  2. You create a sess_id and send it to the browser (via a cookie or "param")
  3. You record the sess_id in the database along side a user_id
  4. Foreach pageview you retrieve the cookie from the browser and compare it to the one in your database
  5. You compare the "sysdate" with the date in you set in the session database(expy_date); if sysdate is > expy_date, send the login page to the browser.
  6. optionally on each pageview you can:
    1. Extend the session by n so the session is more dynamic and stay current as long as the user is actively using your application
    2. re-issue another sess_id - making your application a touch more secure.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://195852]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2020-01-21 00:13 GMT
Find Nodes?
    Voting Booth?