Post deleted by malmklang



malmklang
Novice

Sep 15, 2012, 2:18 PM


Views: 4218
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 15, 2012, 2:53 PM


Views: 4215
Re: [malmklang] Regenerating sessionid and cookie troubles

Why are you wanting to delete and then recreate a new session after each action after the login?

Why not just update the current session data as needed and continue on to the next action?

Can you post your script beginning from the top thru the section dealing with the session and include any/all related subs?


malmklang
Novice

Sep 15, 2012, 3:01 PM


Views: 4213
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 15, 2012, 3:03 PM


Views: 4211
Re: [malmklang] Regenerating sessionid and cookie troubles

Why do you feel that you need a new session ID?

I'm not asking you to post the entire script, just the section related to the sessions.


malmklang
Novice

Sep 15, 2012, 3:13 PM


Views: 4209
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 16, 2012, 9:01 AM


Views: 4180
Re: [malmklang] Regenerating sessionid and cookie troubles

Yes, there are people out there that will try to steal your identity, especially if you (the programmer) do something dumb like putting the SID in the query string.

Regenerating the SID (via the new() method) at each and every point is just as dumb and just goes to show that even Wikipedia can give bad advice.

The login page is, in most cases, the only place where you explicitly generate the SID via the new() method. All other places use the module's load() method. After the object has been created, you then apply your checks (is it expired, is it empty, is it coming from the same host, etc). If any one of the checks fails, then delete and flush the session and redirect to the login page.

Normally, the only session info sent to the client is the session ID, however, you can add other info. For example, you could add an item that stores the PID of the script and then when they return confirm that it's still there and matches what is stored on the server. If that fails, then redirect them to the login page.
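
The flow described in the post above (new() on the login page, load() everywhere else, then the checks), as an added example that is not part of the thread. It assumes the module in question is CGI::Session, which the thread does not name; the storage directory, login URL and 30-minute expiry are placeholders.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumes CGI::Session with its
# default file driver; directory, URL and expiry below are placeholders.
use strict;
use warnings;
use CGI;
use CGI::Session;

my $LOGIN_URL = '/cgi-bin/login.cgi';              # hypothetical
my %STORE     = ( Directory => '/tmp/sessions' );  # hypothetical

# Login script only: call this after the credentials have been verified.
# new() creates a session when the request carries no valid SID.
sub start_session {
    my ($cgi, $user) = @_;
    my $session = CGI::Session->new( undef, $cgi, \%STORE )
        or die CGI::Session->errstr;
    $session->param( user => $user );
    $session->expire('+30m');
    return $session;
}

# Every other script: load() only looks up the SID sent in the cookie;
# it never creates a session for an unknown or missing SID.
sub require_session {
    my ($cgi) = @_;
    my $session = CGI::Session->load( undef, $cgi, \%STORE )
        or die CGI::Session->errstr;

    my $ok = !$session->is_expired
          && !$session->is_empty
          && defined $session->remote_addr
          && $session->remote_addr eq ( $ENV{REMOTE_ADDR} // '' );
    return $session if $ok;

    # Any failed check: drop the stored data and send the user to log in.
    $session->delete;
    $session->flush;
    print $cgi->redirect($LOGIN_URL);
    exit;
}

# A protected page.
my $cgi     = CGI->new;
my $session = require_session($cgi);
print $session->header( -type => 'text/plain' );   # sends the SID cookie
print 'Hello, ', $session->param('user'), "\n";
```
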


malmklang
Novice

Sep 16, 2012, 9:10 AM


Views: 4178
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 16, 2012, 9:24 PM


Views: 4146
Re: [malmklang] Regenerating sessionid and cookie troubles

I'm not exactly sure how to respond at this point. The main emphasis of the link you provided as the reason to regenerate a brand new SID at each point dealt with passing the SID in the query string in an unrealistic scenario.

If that's not the case, then what problem are you trying to resolve?

Since you haven't yet and don't seem to be willing to provide your session related code or a clear explanation of the problem that you need to fix, I don't know what corrections to your code I should suggest.