Well does this all mean there is limited features to do session handling on mod_perl. Well I am new to mod_perl but in JAVA/Servlet you can do a simple thing like this request.getSession().setAttribute("my_remote_user",<uid of the authenticated user>); for subsequent requests we can retrieve this attribute and do what we want. I expected similar session handleing feature availabe in mod_perl as this is a common requirement.
"store the user info on the lan, mapped to the id in the cookie" is something which we need to think, Isnt there a easy way to store information on user session. Other doubt that we have is Because the user successful in his first Authentication, Isnt there a way to retrieve the remote_user variable in the subsequent requests (I may be wrong as well all new to this). Thanks Jonathan Vanasco-5 wrote: > > > On Jan 17, 2007, at 5:50 PM, Tracy12 wrote: > >> >> What about the security measures if we store authenticated user >> information >> in a cookie, >> >> Cant we handle in the server session and and store it as a session >> variable. >> This would be much secure? > > you store a session id in a cookie > > you store the user info on the lan, mapped to the id in the cookie > > you can use checksum cookies and other stuff to mitigate cookie spoofing > > > > > > // Jonathan Vanasco > > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - > | FindMeOn.com - The cure for Multiple Web Personality Disorder > | Web Identity Management and 3D Social Networking > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - > | RoadSound.com - Tools For Bands, Stuff For Fans > | Collaborative Online Management And Syndication Tools > | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > - - - - - - - - - - - - - - - - > > > > -- View this message in context: http://www.nabble.com/Session-Handling-Set-Session-attributes-tf3030824.html#a8422602 Sent from the mod_perl - General mailing list archive at Nabble.com.