Post deleted by malmklang

 



malmklang
Novice

Sep 15, 2012, 2:18 PM

Post #1 of 8 (1905 views)
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 15, 2012, 2:53 PM

Post #2 of 8 (1902 views)
Re: [malmklang] Regenerating sessionid and cookie troubles

Why are you wanting to delete and then recreate a new session after each action after the login?

Why not just update the current session data as needed and continue on to the next action?

Can you post your script beginning from the top thru the section dealing with the session and include any/all related subs?


malmklang
Novice

Sep 15, 2012, 3:01 PM

Post #3 of 8 (1900 views)
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 15, 2012, 3:03 PM

Post #4 of 8 (1898 views)
Re: [malmklang] Regenerating sessionid and cookie troubles

Why do you feel that you need a new session ID?

I'm not asking you to post the entire script, just the section related to the sessions.


malmklang
Novice

Sep 15, 2012, 3:13 PM

Post #5 of 8 (1896 views)
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 16, 2012, 9:01 AM

Post #6 of 8 (1867 views)
Re: [malmklang] Regenerating sessionid and cookie troubles

Yes, there are people out there that will try to steal your identity, especially if you (the programmer) do something dumb like putting the SID in the query string.

Regenerating the SID (via the new() method) at each and every point is just as dumb and just goes to show that even Wikipedia can give bad advice.

The login page is, in most cases, the only place where you explicitly generate the SID via the new() method. All other places use the module's load() method. After the object has been created, you then apply your checks (is it expired, is it empty, is it coming from the same host, etc). If any one of the checks fails, then delete and flush the session and redirect to the login page.

Normally, the only session info sent to the client is the session ID, however, you can add other info. For example, you could add an item that stores the PID of the script and then when they return confirm that it's still there and matches what is stored on the server. If that fails, then redirect them to the login page.
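
The flow described in post #6, as an added example that is not part of the original thread: new() only at login, load() everywhere else, then the expired/empty/same-host checks with delete, flush and redirect on failure. It assumes the module being discussed is CGI::Session (the thread does not name it); the file driver, /tmp directory, 30-minute timeout, /login.pl URL and the sub names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

# Assumed settings (not from the thread): file-backed sessions in /tmp
# and a login page at /login.pl.
my $DSN      = 'driver:file';
my %DSN_ARGS = ( Directory => '/tmp' );
my $LOGIN    = '/login.pl';

# Login page only: explicitly create a fresh session with new().
sub start_session {
    my ($user) = @_;
    my $session = CGI::Session->new( $DSN, undef, \%DSN_ARGS )
        or die CGI::Session->errstr;
    $session->param( user => $user );
    $session->param( host => $ENV{REMOTE_ADDR} // '' );   # for the same-host check
    $session->expire('+30m');                             # assumed idle timeout
    $session->flush;
    return $session;
}

# Every other page: load() only looks up an existing session, it never creates one.
# Returns the session when all checks pass, otherwise cleans up and returns nothing.
sub check_session {
    my ($cgi) = @_;
    my $session = CGI::Session->load( $DSN, $cgi, \%DSN_ARGS )
        or die CGI::Session->errstr;
    my $ok = !$session->is_expired
          && !$session->is_empty
          && ( $session->param('host') // '' ) eq ( $ENV{REMOTE_ADDR} // '' );
    return $session if $ok;
    $session->delete;    # mark the server-side data for removal
    $session->flush;     # and remove it now rather than at object destruction
    return;
}

# A protected page (hypothetical): redirect to the login page unless the checks pass.
my $cgi = CGI->new;
if ( my $session = check_session($cgi) ) {
    print $session->header( -type => 'text/plain' ),
          'Logged in as ', $session->param('user'), "\n";
}
else {
    print $cgi->redirect($LOGIN);
}
```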


malmklang
Novice

Sep 16, 2012, 9:10 AM

Post #7 of 8 (1865 views)
Post deleted by malmklang

 


FishMonger
Veteran / Moderator

Sep 16, 2012, 9:24 PM

Post #8 of 8 (1833 views)
Re: [malmklang] Regenerating sessionid and cookie troubles

I'm not exactly sure how to respond at this point. The main emphasis of the link you provided as the reason to regenerate a brand new SID at each point dealt with passing the SID in the query string in an unrealistic scenario.

If that's not the case, then what problem are you trying to resolve?

Since you haven't yet and don't seem to be willing to provide your session-related code or a clear explanation of the problem that you need to fix, I don't know what corrections to your code I should suggest.
