What about the security measures if we store authenticated user information in a cookie,
Cant we handle in the server session and and store it as a session variable. This would be much secure? Robert Landrum wrote: > > Tracy12 wrote: >> My perl authentication handler works fine BUT the biggest problem inside >> my >> Auth handler I do some resource intenstive tasks and if everything >> successful set the REMOTE_USER env variable. >> >> But for the subsequent requests from the same user (after the initial >> Authentication is successful) how can I bypass these resource intensive >> tasks because the user already been authenticated (but I need REMOTE_USER >> value for subsequent request >> > > I would use Apache::Session and store a cookie that says that this user > is authenticated. The session would include to be set for REMOTE_USER. > The user would only get the session cookie if they had successfully > authenticated. > > It should work fine and will likely solve your performance problem. > > Rob > > -- View this message in context: http://www.nabble.com/Session-Handling-Set-Session-attributes-tf3030824.html#a8421325 Sent from the mod_perl - General mailing list archive at Nabble.com.
