Menu
▾
▴
Re: [WWdevel] Webwork Security Features
|
From: Sam H. <sh...@ma...> - 2007-07-04 15:36:49
|
on 06/27/2007 05:12 PM jf...@pu... said the following:
> Sam,
>
> Hello, it's Justin Floro from Purdue again. If you have a few moments I have
> some more questions about Webwork's security key.
>
> Is the session key generated unique to each Webwork session, or is it a key
> that is generated for a specific student login?
It is unique for each session. If a client attempts to use an expired
key, the key is deleted and the user is prompted for a password. Upon
authenticating, a new key is created. The details are in
lib/WeBWorK/Authen.pm and its subclasses.
> How large is the session key that is generated?
>From conf/global.conf:
# $sessionKeyLength defines the length (in characters) of the session key
$sessionKeyLength = 32;
# @sessionKeyChars lists the legal session key characters
@sessionKeyChars = ('A'..'Z', 'a'..'z', '0'..'9');
> How is the session key generated?
$sessionKeyLength random characters are selected from @sessionKeyChars.
> Thanks again for your help.
No problem.
-sam
|
