Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > Session Management: NO Cookies....

Reply
Thread Tools

Session Management: NO Cookies....

 
 
Sucpraran
Guest
Posts: n/a
 
      09-23-2003
New to Perl, Apache world.
Like to get thoughts on maintaining session WITHOUT using Client Side
Cookies.
Our environment is Perl, Apache, Oracle DB, Unix OS.

What are the capabilities of Server side/Database session management
in this environment? We can't compromise on security and load
balancing (multiple servers).

Thanks
 
Reply With Quote
 
 
 
 
James Willmore
Guest
Posts: n/a
 
      09-24-2003
http://www.velocityreviews.com/forums/(E-Mail Removed) (Sucpraran) wrote in message news:<(E-Mail Removed). com>...
> New to Perl, Apache world.
> Like to get thoughts on maintaining session WITHOUT using Client Side
> Cookies.
> Our environment is Perl, Apache, Oracle DB, Unix OS.
>
> What are the capabilities of Server side/Database session management
> in this environment? We can't compromise on security and load
> balancing (multiple servers).
>


You could use hidden fields, but that's not a 100% secure method. Or
an Apache module (think mod_auth), but I believe that uses cookies.
You could restrict access based upon IP addresses, but those can be
spoofed.

Any reason why you don't want to use cookies? I mean, if you _only_
use cookies, that's not very secure. However, they are useful when
used in conjunction with other methods. It's just another layer of
authentication that someone has to figure out, but it's still a layer.
It keeps honest people honest.

HTH

Jim
 
Reply With Quote
 
 
 
 
Keith Keller
Guest
Posts: n/a
 
      09-24-2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

On 2003-09-23, Sucpraran <(E-Mail Removed)> wrote:
> Like to get thoughts on maintaining session WITHOUT using Client Side
> Cookies.


You might want to be more specific on what you mean by a session--
there are lots of techniques, but not all applicable to every
situation.

Also, comp.infosystems.www.authoring.cgi or the mod_perl list
might be a better place for your question, since there will be
many methods that are not perl-specific. (Most, really.)

--keith

--
http://www.velocityreviews.com/forums/(E-Mail Removed)-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj9xIKgACgkQhVcNCxZ5ID9sJwCdFod5UP4utp zlEXfhCsUCw9/Z
ij4Anjht445LcPGoY7co14mPOb65VDps
=52Rp
-----END PGP SIGNATURE-----
 
Reply With Quote
 
Bill
Guest
Posts: n/a
 
      09-24-2003
(E-Mail Removed) (Sucpraran) wrote in message news:<(E-Mail Removed). com>...
> New to Perl, Apache world.
> Like to get thoughts on maintaining session WITHOUT using Client Side
> Cookies.
> Our environment is Perl, Apache, Oracle DB, Unix OS.
>
> What are the capabilities of Server side/Database session management
> in this environment? We can't compromise on security and load
> balancing (multiple servers).
>
> Thanks


Have a look at SOAP (this is usable by Perl but is not language dependent):

http://www.perl.com/pub/a/2001/04/24/soap.html
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Session Timeout problems-web.confg session state and IIS session s =?Utf-8?B?Um9iSEs=?= ASP .Net 4 04-11-2007 04:52 PM
Unable to serialize the session state. Please note that non-serializable objects or MarshalByRef objects are not permitted when session state mode is 'StateServer' or 'SQLServer'. Mike Larkin ASP .Net 1 05-23-2005 12:33 PM
Session State - What does it take to establish one single ASP.NET session per "browser session" Jeff Smythe ASP .Net 3 01-02-2004 04:10 AM
How can I "know" the difference between a session timed out and a session that did session.abort? Jazzis ASP General 2 09-23-2003 07:16 AM
Which is faster? Dim dv As New DataView(session("myDataTable")) or CType(session("myDataTable")) Andreas Klemt ASP .Net 1 07-23-2003 12:18 AM



Advertisments