Session Management: NO Cookies....

S

Sucpraran

New to Perl, Apache world.
Like to get thoughts on maintaining session WITHOUT using Client Side
Cookies.
Our environment is Perl, Apache, Oracle DB, Unix OS.

What are the capabilities of Server side/Database session management
in this environment? We can't compromise on security and load
balancing (multiple servers).

Thanks
 
J

James Willmore

New to Perl, Apache world.
Like to get thoughts on maintaining session WITHOUT using Client Side
Cookies.
Our environment is Perl, Apache, Oracle DB, Unix OS.

What are the capabilities of Server side/Database session management
in this environment? We can't compromise on security and load
balancing (multiple servers).
Click to expand...

You could use hidden fields, but that's not a 100% secure method. Or
an Apache module (think mod_auth), but I believe that uses cookies.
You could restrict access based upon IP addresses, but those can be
spoofed.

Any reason why you don't want to use cookies? I mean, if you _only_
use cookies, that's not very secure. However, they are useful when
used in conjunction with other methods. It's just another layer of
authentication that someone has to figure out, but it's still a layer.
It keeps honest people honest.

HTH

Jim
 
K

Keith Keller

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

Like to get thoughts on maintaining session WITHOUT using Client Side
Cookies.
Click to expand...

You might want to be more specific on what you mean by a session--
there are lots of techniques, but not all applicable to every
situation.

Also, comp.infosystems.www.authoring.cgi or the mod_perl list
might be a better place for your question, since there will be
many methods that are not perl-specific. (Most, really.)

--keith

--
(e-mail address removed)-francisco.ca.us
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj9xIKgACgkQhVcNCxZ5ID9sJwCdFod5UP4utpzlEXfhCsUCw9/Z
ij4Anjht445LcPGoY7co14mPOb65VDps
=52Rp
-----END PGP SIGNATURE-----
 
B

Bill

New to Perl, Apache world.
Like to get thoughts on maintaining session WITHOUT using Client Side
Cookies.
Our environment is Perl, Apache, Oracle DB, Unix OS.

What are the capabilities of Server side/Database session management
in this environment? We can't compromise on security and load
balancing (multiple servers).

Thanks
Click to expand...

Have a look at SOAP (this is usable by Perl but is not language dependent):

http://www.perl.com/pub/a/2001/04/24/soap.html
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

custom session management using Oracle in web garden scenario 2
Fundamentals of Financial Management Concise 7e Brigham Houston 0
Session Cookie Glitch with mod_perl 2.03 and Apache 2.2.6 1
Interview-Today-immediate hire 0
RAM based cookies 3
Session mix-up issue 8
JSP security-session management 1
Very Urgent Requirement, Interview within 3 hours-immediate start 0

Members online

Total: 36 (members: 2, guests: 34)
Robots: 193

Forum statistics

Threads
473,764
Messages
2,569,564
Members
45,039
Latest member
CasimiraVa

Latest Threads

Top