Think about Loose Coupling | |
PerlMonks |
Re: Webpage Loginsby knobunc (Pilgrim) |
on Apr 12, 2001 at 22:17 UTC ( [id://72129]=note: print w/replies, xml ) | Need Help?? |
Beware using the IP address as a unique token for a session. Any users that go through a proxy will appear to come from the same IP. AOL users for instance rotate through a handful of IP addresses for each request. The other replies have hopefully pointed you in the right direction. Also, if you decide to store the information in a file make sure you lock it when updating and reading. Otherwise it will get corrupted at some point. Updated: I had a chance to look at how I had coded the login stuff on my pages here. The relevant bit is to use Apache::Session which gives me an ID that I then stuff into a cookie. The IDs generated are relatively secure, they use all sorts of good random info then run it through an MD5 hash so I think they are unguessable. Anyway, onto the code:
Please note that this code will probably need to be changed to fit your web environment. I was using $r since my code comes from mod_perl. If you are using straight CGI then there is a CGI.pm thing to set the cookie stuff in the response header. The above may or may not work since I cut and pasted relevant bits from my setup (I am using Mason) and actually have stuff split up across subroutines because my data store and autentication is a bit more twisty. -ben
In Section
Seekers of Perl Wisdom
|
|