perl-asp mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Chamas <jos...@chamas.com>
Subject Re: [OT] session management
Date Thu, 06 Jun 2002 14:28:59 GMT
Sven Köhler wrote:
> 
> hi!
> 
> this is somewhat offtopic, but as Apache::ASP has a built-in
> Session-Management this could be a good mailing-list to discuss some
> things ...
> 
> i have to implement a session-management withut using Apache::ASP. a
> company want's my script to pass a security-verification.
> 

What about Apache::ASP's sessions does not work for you?  Note
that you will probably want to run your code in global.asa Script_OnStart

> 1. which sheme does Apache::ASP use to generate sessionid's and how are
> they sored within the cookie/url?

MD5 checksum some random data, and make sure that sessionid is not
previously used.

> 2. i'm thinking of using a randomly generating let's say 20chars long
> session id stored in the cookie given back to the browser. the
> session-content is stored in files. of course there's a timeout stored
> within the session.
> 

Sounds like ASP sessions alright ( as opposed to Apache::Session ).
Make sure you really need to redo this.

-- Josh
_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051

---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org


Mime
View raw message