[Cgi-session-user] two feature requests
Brought to you by:
sherzodr
Menu
▾
▴
[Cgi-session-user] two feature requests
|
From: <ju...@jh...> - 2006-08-29 14:11:53
|
Hi! Though my last thought here on the list was useless since such a module has already been written, here are another two. Scenario: A user opens a web page, the server generates a session id and assigns this to the users browser to keep track of him. The user adds goods into his shopping basket and then logs in. For security reasons assign all users that log in a new session id, regardless of the old one (if it's valid and active or not). What about CGI::Session relieve the programmer of loading the session, saving the content, delete the old, create a new and insert the content of the old (except the old id) in the new one? Mentioning security, expire() provides a way setting soft timeouts: A user can extend the livetime by accessing a site each expire - 1 seconds. What about a hard timeout that can't be extended? Bye, Jürgen |
