CGI/Perl Guide | Learning Center | Forums | Advertise | Login Site Search: in Perl Guide PerlGuru Forums Learning Ctr

	MAIN INDEX	SEARCH POSTS	WHO'S ONLINE	LOG IN

Home: Perl Programming Help: Intermediate: Post deleted by malmklang

malmklang Novice Sep 15, 2012, 2:18 PM Post #1 of 8 (1418 views) Post deleted by malmklang

FishMonger Veteran / Moderator Sep 15, 2012, 2:53 PM Post #2 of 8 (1415 views) Re: [malmklang] Regenerating sessionid and cookie troubles [In reply to] Can't Post Why are you wanting to delete and then recreate a new session after each action after the login? Why not just update the current session data as needed and continue on to the next action? Can you post your script beginning from the top thru the section dealing with the session and include any/all related subs?

malmklang Novice Sep 15, 2012, 3:01 PM Post #3 of 8 (1413 views) Post deleted by malmklang [In reply to]

FishMonger Veteran / Moderator Sep 15, 2012, 3:03 PM Post #4 of 8 (1411 views) Re: [malmklang] Regenerating sessionid and cookie troubles [In reply to] Can't Post Why do you feel that you need a new session ID? I'm not asking you to post the entire script, just the section related to the sessions.

malmklang Novice Sep 15, 2012, 3:13 PM Post #5 of 8 (1409 views) Post deleted by malmklang [In reply to]

FishMonger Veteran / Moderator Sep 16, 2012, 9:01 AM Post #6 of 8 (1380 views) Re: [malmklang] Regenerating sessionid and cookie troubles [In reply to] Can't Post Yes, there are people out there that will try to steal your identity, especially if you (the programmer) do something dumb like putting the SID in the query string. Regenerating the SID (via the new() method) at each and every point is just as dumb and just goes to show that even wikipedia can give bad advise. The login page is, in most cases, the only place where you explicitly generate the SID via the new() method. All other places uses the module's load() method. After the object has been created, you then apply your checks (is it expired, is it empty, is it coming from the same host, etc). If any one of the checks fails, then delete and flush the session and redirect to the login page. Normally, the only session info sent to the client is the session ID, however, you can add other info. For example, you could add an item that stores the PID of the script and then when they return confirm that it's still there and matches what is stored on the server. If that fails, then redirect them to the login page.

malmklang Novice Sep 16, 2012, 9:10 AM Post #7 of 8 (1378 views) Post deleted by malmklang [In reply to]

FishMonger Veteran / Moderator Sep 16, 2012, 9:24 PM Post #8 of 8 (1346 views) Re: [malmklang] Regenerating sessionid and cookie troubles [In reply to] Can't Post I'm not exactly sure how to respond at this point. The main emphasis of the link you provided as the reason to regenerate a brand new SID at each point dealt with with passing the SID in the query string in an unrealistic scenario. If that's not the case, then what problem are you trying to resolve? Since you haven't yet and don't seem to be willing to provide your session related code or a clear explanation of the problem that you need to fix, I don't know what corrections to your code I should suggest.

Announcements     PerlGuru Announcements Perl Programming Help     Frequently Asked Questions     Beginner     Intermediate     Advanced     Regular Expressions     mod_perl     DBI     Win32 Programming Help Fun With Perl     Perl Quizzes - Learn Perl the Fun Way     Perl Golf     Perl Poetry Need a Custom or Prewritten Perl Program?     I need a program that...     I Need a Programmer for Freelance Work     Throw Down The Gauntlet General Discussions     General Questions     Feedback     Tutorial/Article Suggestions for The Learning Cent     Internet Security Other Programming Languages     Javascript     PHP

Search this forum this category all forums for All words Any words Whole Phrase (options)

Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives