Well does this all mean there is limited features to do session handling on
mod_perl. Well I am new to mod_perl but in JAVA/Servlet you can do a simple
thing like this
request.getSession().setAttribute("my_remote_user",<uid of the authenticated
user>);
for subsequent requests we can retrieve this attribute and do what we want.
I expected similar session handleing feature availabe in mod_perl as this is
a common requirement.
"store the user info on the lan, mapped to the id in the cookie" is
something which we need to think, Isnt there a easy way to store information
on user session.
Other doubt that we have is Because the user successful in his first
Authentication, Isnt there a way to retrieve the remote_user variable in the
subsequent requests (I may be wrong as well all new to this).
Thanks
Jonathan Vanasco-5 wrote:
>
>
> On Jan 17, 2007, at 5:50 PM, Tracy12 wrote:
>
>>
>> What about the security measures if we store authenticated user
>> information
>> in a cookie,
>>
>> Cant we handle in the server session and and store it as a session
>> variable.
>> This would be much secure?
>
> you store a session id in a cookie
>
> you store the user info on the lan, mapped to the id in the cookie
>
> you can use checksum cookies and other stuff to mitigate cookie spoofing
>
>
>
>
>
> // Jonathan Vanasco
>
> | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - - - - - - - - - - - - - - -
> | FindMeOn.com - The cure for Multiple Web Personality Disorder
> | Web Identity Management and 3D Social Networking
> | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - - - - - - - - - - - - - - -
> | RoadSound.com - Tools For Bands, Stuff For Fans
> | Collaborative Online Management And Syndication Tools
> | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - - - - - - - - - - - - - - -
>
>
>
>
--
View this message in context:
http://www.nabble.com/Session-Handling-Set-Session-attributes-tf3030824.html#a8422602
Sent from the mod_perl - General mailing list archive at Nabble.com.
