How does this work in an environment with two (or more) computers with the
exact same configuration, and probably the same HTTP_USER_AGENT behind the
same proxy? How do you know that one user isn't using another user's session?



--Joe Breeden
---------------------------------------
If it compiles - Ship It!
Aranea Texo

> -----Original Message-----
> From: fliptop [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 15, 2001 4:50 PM
> To: Jon Robison
> Cc: Jonathan E. Paton; [EMAIL PROTECTED]
> Subject: Re: Doing Authorization using mod_perl from a programmers perspective
> 
> 
> Jon Robison wrote:
> > 
> > The most relevant section for you is the Ticket system he describes. (I
> > believe the section header says something about Cookies, but you'll know
> > you have the right one when you see TicketAccess.pm, TicketTools.pm, and
> > TicketMaster.pm. One nice addition is the ability to add encryption to
> > the Ticket, and the fact that the author used an MD5 hash (of an MD5
> > hash!) in the cookie, so verification of the authenticity of the user is
> > pretty solid so long as you leave in things like ip address, etc. which
> > he uses in the cookie by default. (Although AOL and some proxy systems
> > might cause this to be trouble).  AND, he also uses a mysql db for the
> 
> i have found that using the HTTP_USER_AGENT environment variable instead
> of ip address solves the problem with proxy servers and the md5 hash.
> anyone ever tried this as a simple workaround?
> 
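
The question above, worked through as an added example (not code from this thread or from the book it cites): a ticket whose nested MD5 check value covers one client attribute, verified against requests from two identically configured machines behind one proxy and from a third host. The field layout, secret, user name, addresses and User-Agent string are all constructed assumptions.

```perl
#!/usr/bin/perl
# Added example: ticket check value in the nested-MD5 shape the thread describes.
# Field layout, secret and sample clients are constructed for illustration.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

my $SECRET = 'constructed-server-secret';    # placeholder; never leaves the server

# Bind the ticket to a user, an expiry and one client attribute
# (remote IP or User-Agent), then hash it with the server secret.
sub make_ticket {
    my ($user, $expires, $binding) = @_;
    my $inner = md5_hex(join ':', $SECRET, $binding, $expires, $user);
    return join ':', $user, $expires, md5_hex($SECRET . $inner);
}

# Recompute the check value from what the current request presents.
# Assumes user names contain no ':' (the field separator).
sub check_ticket {
    my ($ticket, $binding, $now) = @_;
    my ($user, $expires, $mac) = split /:/, $ticket, 3;
    return 0 unless defined $mac && $expires =~ /^\d+$/ && $expires > $now;
    my $inner = md5_hex(join ':', $SECRET, $binding, $expires, $user);
    return md5_hex($SECRET . $inner) eq $mac ? 1 : 0;
}

my $now = 1005861000;                                              # constructed
my $ua  = 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)';    # constructed
my %pc_a  = (ip => '192.0.2.10',   ua => $ua);   # two identical machines,
my %pc_b  = (ip => '192.0.2.10',   ua => $ua);   # seen through one proxy address
my %other = (ip => '198.51.100.7', ua => $ua);   # same browser, different network

my $by_ua = make_ticket('alice', $now + 3600, $pc_a{ua});
my $by_ip = make_ticket('alice', $now + 3600, $pc_a{ip});
(my $altered = $by_ua) =~ s/^alice/bob/;         # user field changed, old check value

printf "UA-bound, presented by PC B:        %d\n", check_ticket($by_ua, $pc_b{ua}, $now);
printf "UA-bound, presented from elsewhere: %d\n", check_ticket($by_ua, $other{ua}, $now);
printf "IP-bound, presented by PC B:        %d\n", check_ticket($by_ip, $pc_b{ip}, $now);
printf "IP-bound, presented from elsewhere: %d\n", check_ticket($by_ip, $other{ip}, $now);
printf "User name altered in ticket:        %d\n", check_ticket($altered, $pc_a{ua}, $now);
```

Neither attribute tells the two machines behind the proxy apart; what keeps their sessions separate is that each user holds a different ticket, and a ticket cannot be produced or altered without the server secret. A current implementation would use HMAC-SHA-256 (`Digest::SHA::hmac_sha256_hex`) in place of the nested MD5.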
