On Fri, Nov 16, 2001 at 02:09:25AM +0100, Tom Bille wrote: > The aim of the cookie example in the eagle book is a bit more than just >authentication. Most of the answers here to use a > session ID here are quite right for most purposes, but the code in the eagle book >offers to store information on the client side > with the security of a signature. Its NOT just authentication. > This has some advantages for applications which are on more than one server, which >have to use an expensive central DB > lookup and/or are not connected at all, since the only thing to share is the secret. [snip]
And for the academically inclined, Authen::Ticket (which I need to go back and update) is based on the Eagle book's example but different :/ It uses a PKI-like solution for ensuring authenticity of the cookies (at least someone can't just make up a cookie out of thin air). If you're using FreeBSD, I believe there's even a port for it (much to my surprise). --jim
