Re: help: How to track user session with fastcgi - Valery Kholodkov - ru.sysoev.nginx

7 messages in ru.sysoev.nginxRe: help: How to track user session w...

From	Sent On	Attachments
Yingyuan Cheng	Oct 25, 2007 2:21 am
焦胜强	Oct 25, 2007 2:54 am
Yingyuan Cheng	Oct 25, 2007 3:28 am
Maxim Dounin	Oct 25, 2007 4:00 am
Valery Kholodkov	Oct 25, 2007 4:34 am
Yingyuan Cheng	Oct 25, 2007 6:08 pm
Yingyuan Cheng	Oct 25, 2007 6:31 pm

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: help: How to track user session with fastcgi	Actions...
From:	Valery Kholodkov (vale...@public.gmane.org)
Date:	Oct 25, 2007 4:34:03 am
List:	ru.sysoev.nginx

If you want some way to assign session id to user for security/external data storage identifier etc (the "sessions" in php's meaning) - you should use other means to generate them.

Note: cookies generated by userid module shouldn't be used as security identifier, since malicious user can easily guess other user's cookie.

You could implement signed cookies like OpenACS or Django do:

http://openacs.org/doc/current/security-design.html

http://code.djangoproject.com/ticket/3285

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: