At 05:55 PM 2/19/2002 -0500, Perrin Harkins wrote:
>Incidentally, this is mostly the same thing as what Jeffrey Baker mentioned
>a few days ago about storing state entirely inside a cookie with a message
>digest. The only difference is that by sticking it in a form element you're
>attaching it to a specific page.

True. I was very intrigued by his approach, and might use something like that to increase the security of my app by verifying the hidden form field contents. I suppose I could follow his approach, but the amount of data I need to store could possibly overwhelm the 4KB cookie limit. In this case, simple was better - simple application, simple session. And I know I can count on every browser implementing forms. :-)

Drew

Drew Taylor                 JA[P|m_p|SQL]H
http://www.drewtaylor.com/  Just Another Perl|mod_perl|SQL Hacker
mailto:[EMAIL PROTECTED]    *** God bless America! ***
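
A sketch of the hidden-field verification discussed in this message, added here as an example and not code from the thread or its authors: state is serialized into the field together with a keyed digest, and an altered or expired field is rejected. HMAC-SHA256 is an assumption (the thread says only "message digest"), and the key, field layout, helper names and sample state are hypothetical.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use JSON::PP ();
use MIME::Base64 qw(encode_base64 decode_base64);

# Assumption: a server-side key that is never sent to the browser.
my $KEY  = 'constructed-demo-key';
my $JSON = JSON::PP->new->canonical(1);

# Constant-time comparison so the check does not leak how many MAC bytes matched.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Serialize the state with an expiry and append the MAC: "<base64 json>.<hex mac>".
sub seal_state {
    my ($state, $ttl) = @_;
    my $body = encode_base64($JSON->encode({ exp => time() + $ttl, data => $state }), '');
    return $body . '.' . hmac_sha256_hex($body, $KEY);
}

# Return the state hashref, or undef if the field was altered or has expired.
sub open_state {
    my ($field) = @_;
    my ($body, $mac) = ($field // '') =~ /\A([A-Za-z0-9+\/=]+)\.([0-9a-f]{64})\z/
        or return;
    return unless ct_eq($mac, hmac_sha256_hex($body, $KEY));
    my $wrapped = eval { $JSON->decode(decode_base64($body)) } or return;
    return if $wrapped->{exp} < time();
    return $wrapped->{data};
}

# Constructed sample: state as it would be written into <input type="hidden">.
my $field = seal_state({ user => 'drew', step => 2, cart => [ 101, 205 ] }, 900);
print "hidden field value: $field\n";
print "intact:   ", (open_state($field) ? "accepted" : "rejected"), "\n";

# Simulate a client editing the field: swap in a different payload, keep the old MAC.
my (undef, $mac) = split /\./, $field;
my $forged = encode_base64($JSON->encode({ exp => time() + 900, data => { user => 'admin' } }), '');
print "tampered: ", (open_state("$forged.$mac") ? "accepted" : "rejected"), "\n";
```

The MAC provides integrity only: the user can still read the field, so nothing secret belongs in it.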