On Fri, Nov 16, 2001 at 02:09:25AM +0100, Tom Bille wrote:
> The aim of the cookie example in the eagle book is a bit more than just
> authentication. Most of the answers here to use a session ID here are
> quite right for most purposes, but the code in the eagle book offers to
> store information on the client side with the security of a signature.
> It's NOT just authentication.
> This has some advantages for applications which are on more than one
> server, which have to use an expensive central DB lookup and/or are not
> connected at all, since the only thing to share is the secret.
[snip]

And for the academically inclined, Authen::Ticket (which I need to go back
and update) is based on the Eagle book's example but different :/  It uses
a PKI-like solution for ensuring authenticity of the cookies (at least
someone can't just make up a cookie out of thin air).  If you're using
FreeBSD, I believe there's even a port for it (much to my surprise).

--jim
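
The shared-secret signed cookie described in the quoted message, as an added example that is not part of the original thread and is not the Eagle book's or Authen::Ticket's code. HMAC-SHA256, the `field=value&...|mac` layout, the `expires` field and all function names are assumptions of this sketch; it shows the MAC variant only, not the PKI-like scheme.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-secret';   # constructed; the one value all servers share

# Percent-encode values so '&', '=' and '|' stay unambiguous (byte strings assumed).
sub escape   { my $s = shift; $s =~ s/([^A-Za-z0-9_.-])/sprintf '%%%02X', ord $1/ge; $s }
sub unescape { my $s = shift; $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge; $s }

# Compare two strings without stopping at the first differing character.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Serialize the fields plus an expiry time and append an HMAC over that payload.
# Field names are assumed to be plain identifiers.
sub make_cookie {
    my ($secret, $ttl, %fields) = @_;
    $fields{expires} = time() + $ttl;
    my $payload = join '&', map { "$_=" . escape($fields{$_}) } sort keys %fields;
    return $payload . '|' . hmac_sha256_hex($payload, $secret);
}

# Return a hashref of fields if the MAC verifies and the cookie has not expired,
# otherwise nothing. No session store or database lookup is involved.
sub check_cookie {
    my ($secret, $cookie) = @_;
    my ($payload, $mac) = $cookie =~ /\A(.*)\|([0-9a-f]{64})\z/s or return;
    return unless ct_eq($mac, hmac_sha256_hex($payload, $secret));
    my %fields = map { my ($k, $v) = split /=/, $_, 2; ($k => unescape($v // '')) }
                 split /&/, $payload;
    return unless ($fields{expires} // '') =~ /\A\d+\z/ && $fields{expires} > time();
    return \%fields;
}

my $cookie = make_cookie($SECRET, 3600, user => 'tom', level => 'editor');
if (my $f = check_cookie($SECRET, $cookie)) {
    print "accepted: user=$f->{user} level=$f->{level}\n";
}

# Changing a field without knowing the secret invalidates the MAC.
(my $forged = $cookie) =~ s/level=editor/level=admin/;
print "forged cookie rejected\n" unless check_cookie($SECRET, $forged);
```

The cookie contents are signed, not encrypted, so the client can read every field; the MAC only prevents undetected modification.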
