Home > Archive > PERL CGI Beginners > September 2004 > session ids?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Bryan Harris 2004-09-22, 3:55 pm |
|
I'm still very much a beginner, but I'm starting to see how establishing a
concept of sessions could be quite handy for my website. So I was thinking
of coming up with session ids, which could be some encoded combination of
their ip address, user name, and the date/time of that session's start. The
server would embed the session id into hidden fields or cookies, and use it
to determine which areas of the site are available to that user.
Is this a common thing to do? Am I on the right track with this? And if
so, does perl offer an easy way to encode those three things into a string
of apparent gobbledygook and back?
TIA.
- Bryan
| |
| Sean Davis 2004-09-22, 3:55 pm |
| Bryan,
You might want to look into CGI::Session (on http://search.cpan.org,
our best perl friend). Like much of the grunt work in perl, someone
has already done the vast majority of the work for us and done it
right.
Sean
On Sep 22, 2004, at 2:27 AM, Bryan Harris wrote:
>
>
> I'm still very much a beginner, but I'm starting to see how
> establishing a
> concept of sessions could be quite handy for my website. So I was
> thinking
> of coming up with session ids, which could be some encoded combination
> of
> their ip address, user name, and the date/time of that session's
> start. The
> server would embed the session id into hidden fields or cookies, and
> use it
> to determine which areas of the site are available to that user.
>
> Is this a common thing to do? Am I on the right track with this? And
> if
> so, does perl offer an easy way to encode those three things into a
> string
> of apparent gobbledygook and back?
>
> TIA.
>
> - Bryan
>
>
>
>
> --
> To unsubscribe, e-mail: beginners-cgi-unsubscribe@perl.org
> For additional commands, e-mail: beginners-cgi-help@perl.org
> <http://learn.perl.org/> <http://learn.perl.org/first-response>
>
| |
| Wiggins d Anconia 2004-09-22, 3:55 pm |
| >
>
> I'm still very much a beginner, but I'm starting to see how establishing a
> concept of sessions could be quite handy for my website. So I was
thinking
> of coming up with session ids, which could be some encoded combination of
> their ip address, user name, and the date/time of that session's
start. The
> server would embed the session id into hidden fields or cookies, and
use it
> to determine which areas of the site are available to that user.
>
> Is this a common thing to do? Am I on the right track with this? And if
> so, does perl offer an easy way to encode those three things into a string
> of apparent gobbledygook and back?
>
> TIA.
>
> - Bryan
This is discussed frequently on this list and is mostly a matter of
preference and/or user demands on how you implement it, aka cookie/url
munging, session ids/user authentication, etc. You should check the
archives for past discussion.
Apache::Session in particular is highly regarded, though there are other
modules available on CPAN.
Questions, yes it is a very common thing to do, yes you are on the right
track, and if you want to mess with the lower level yourself, doing
SHA1/MD5 hashes are probably the easiest (to me), aka encode the data
give it to the client, then during the next request re-encode the data
and compare the two.
I would suggest avoiding doing anything with IP addresses completely as
they are not consistent from user request to request because of things
such as proxies.
HTH,
http://danconia.org
| |
| Bryan Harris 2004-09-23, 3:55 am |
|
Yes, Wiggins and Sean, thank you! That was just the information I needed to
point me off in the right direction.
Thanks again.
- Bryan
> thinking
> start. The
> use it
>
> This is discussed frequently on this list and is mostly a matter of
> preference and/or user demands on how you implement it, aka cookie/url
> munging, session ids/user authentication, etc. You should check the
> archives for past discussion.
>
> Apache::Session in particular is highly regarded, though there are other
> modules available on CPAN.
>
> Questions, yes it is a very common thing to do, yes you are on the right
> track, and if you want to mess with the lower level yourself, doing
> SHA1/MD5 hashes are probably the easiest (to me), aka encode the data
> give it to the client, then during the next request re-encode the data
> and compare the two.
>
> I would suggest avoiding doing anything with IP addresses completely as
> they are not consistent from user request to request because of things
> such as proxies.
>
> HTH,
>
> http://danconia.org
|
|
|
|
|