Jon Robison wrote: > > The most relevant section for you is the Ticket system he describes. (I > believe the section header says something about Cookies, but you'll know > you have the right one when you see TicketAccess.pm, TicketTools.pm, and > TicketMaster.pm. One nice addition is the ability to add encryption to > the Ticket, and the fact that the author used an MD5 hash (of an MD5 > hash!) in the cookie, so verification of the authenticity of the user is > pretty solid so long as you leave in things like ip address, etc. which > he uses in the cookie by default. (Although AOL and some proxy systems > might cause this to be trouble). AND, he also uses a mysql db for the
i have found that using the HTTP_USER_AGENT environment variable instead of ip address solves the problem with proxy servers and the md5 hash. anyone ever tried this as a simple workaround?
