Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Thanks for the feedback guys. I was since my posting, I've done a little thinking and have an idea how to do this. Here's my idea, please let me know what you think.

Each user will have a record in a database. When the user initially logs in, it will verify that they entered the correct username and password by comparing to the values in the database.

After it verifies the username and password are correct, it will assign a random string of text (session ID) and it will write this session ID along with the current time, to the record in the database. It will also write this session ID along with the username to a cookie.

Now when the user loads another page, it will pull the session ID and username from the cookie. After it finds the matching session ID and username in the database, it will check the time in the database (time session ID was assigned). If that time is over a certain limit, it will timeout and display the login screen...otherwise it will allow the user to continue and will assign a new session ID and time to the databse and the new session ID and username to the cookie.

I figure since all these pages are encrypted with SSL, it's not a having the session ID intercepted is not a concern. Plus, the session ID is changed each time, so even if someone got a hold of it, it will have probably changed or timed out by the time they can use it.

Any comments or suggestions? Do you see any problems here? Do you think this would hold up and perform well with a large amount of users?

Thanks again,

Jeremy


In reply to Re: Secure Session Management by glickjd
in thread Secure Session Management by glickjd

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others meditating upon the Monastery: (6)
    As of 2020-01-20 23:47 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?
      Notices?