>>>>> "Igor" == Igor Chudov <ichu...@gmail.com> writes:
Igor> I was very excited by the suggestion to use cookies to store the entire
Igor> session information, and to keep it safe by means of base64 encoding and
Igor> MD5 hash with a secret salt, for storing session information securely on
Igor> the client.

Ahh, phase 2 of cookie awareness. When you get to phase 3, you realize that
cookies should really just be used to distinguish one browser from another,
and hold everything server-side instead for far better security and
flexibility.

(Remember, server-side could be something as simple as DBM::Deep, which is a
single-file zero-install module that gives you arbitrary persistent Perl data
structures efficiently.)

See my (slightly aged but still valid) write-up of this at:

    http://www.stonehenge.com/merlyn/WebTechniques/col61.html

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<mer...@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
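
The server-side approach described in the reply above, as an added example that is not part of the original message or of the linked column: the cookie carries only a random identifier and all session state lives in a DBM::Deep file. The file name sessions.db, the cookie name sid, the 30-minute idle limit and the sample user data are assumptions made for illustration.

```perl
use strict;
use warnings;
use DBM::Deep;

# Assumed for this example: store file name, cookie name "sid", 30-minute idle limit.
my $STORE    = DBM::Deep->new(file => 'sessions.db', locking => 1, autoflush => 1);
my $IDLE_TTL = 30 * 60;

# 128 random bits from the kernel CSPRNG; the value encodes nothing about the user.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Store the state server-side and hand back only the identifier for the cookie.
sub create_session {
    my (%data) = @_;
    my $sid = new_session_id();
    $STORE->{$sid} = { data => {%data}, last_seen => time() };
    return $sid;
}

# Returns the session data for a cookie value, or undef when the value is
# malformed, unknown, or has been idle longer than $IDLE_TTL.
sub load_session {
    my ($cookie) = @_;
    return unless defined $cookie && $cookie =~ /\A[0-9a-f]{32}\z/;
    return unless exists $STORE->{$cookie};
    my $session = $STORE->{$cookie};
    if (time() - $session->{last_seen} > $IDLE_TTL) {
        delete $STORE->{$cookie};          # expired: forget it server-side
        return;
    }
    $session->{last_seen} = time();
    return $session->{data};
}

# Logout revokes the session on the server; a replayed cookie then finds nothing.
sub destroy_session { my ($sid) = @_; delete $STORE->{$sid}; return }

# Constructed sample run.
my $sid = create_session(user => 'igor', role => 'member');
print "Set-Cookie: sid=$sid; Path=/; HttpOnly; Secure; SameSite=Lax\n";
print "role from server store: ", load_session($sid)->{role}, "\n";
print "edited cookie accepted: ", (defined load_session('role=admin') ? "yes" : "no"), "\n";
print "guessed id accepted:    ", (defined load_session('0' x 32) ? "yes" : "no"), "\n";
destroy_session($sid);
print "valid after logout:     ", (defined load_session($sid) ? "yes" : "no"), "\n";
```

Because the client never holds the role or any other state, there is nothing in the cookie to decode or re-sign, and revocation is a single delete on the server.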