--- [EMAIL PROTECTED] wrote:
> what about a session id based on their IP? or some relevant info like that?

Here's how I create session IDs:

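  use Digest::MD5 qw( md5_base64 );

  # Seed material: client address and port plus a random number
  my $remote = $ENV{ REMOTE_ADDR } . $ENV{ REMOTE_PORT } . $self->{ _rand };
  # md5_base64 is a plain function, so it is called directly, not as a method
  my $id     = md5_base64( time, $$, $remote );
  $id        =~ tr|+/=|-_.|; # Make non-word characters URL-friendly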
 
The "Make ... URL-friendly" part is in case I need to embed the session ID in a URL.  

As for the "_rand" on the end, that's a random number that I tack onto the
end to ensure unique ids are generated.

> may be a stupid way to do it.. but i track the "count" of how many users are 
> currently at my site by their IP/timestamp that is saved for 5 min. if 
> someone accesses the web site 5+ min after a timestamp those IP's are deleted 
> and the list is updated to only include IP hits within the last 5 min. so in 
> short it keeps a "somewhat crappy" count of how many are currently viewing 
> the site...

Actually, you don't want to track their IP.  Many people will connect with a
different IP every time, if they are on AOL or have some corporate proxy
server that assigns new IPs.  I just use the IP for an initial seed.  If you
recompute with the assumption that the IP is static, many people will be
kicked off.
 
As for how to enforce the 5 minute limit, I save a timestamp in a database
and compare everything to that.  Remember, when dealing with security, you
can't trust *anything* outside of your box.

Cheers,
Curtis "Ovid" Poe

=====
"Ovid" on http://www.perlmonks.org/
Someone asked me how to count to 10 in Perl:
push@A,$_ for reverse q.e...q.n.;for(@A){$_=unpack(q|c|,$_);@a=split//;
shift@a;shift@a if $a[$[]eq$[;$_=join q||,@a};print $_,$/for reverse @A
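
Added example, not part of the original message: a sketch of the server-side five-minute check described above, with the session ID read from /dev/urandom (a Unix-like system is assumed) rather than hashed from the time, PID and client address. The %sessions hash is a constructed stand-in for the database table, and every sub name here is hypothetical.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);
my $IDLE_LIMIT = 5 * 60;  # seconds; the five minute limit from the message
my %sessions;             # stand-in for the database table: id => last-seen time

# 16 bytes from the kernel CSPRNG, base64 with the URL-unfriendly characters mapped.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $got = read($fh, my $bytes, 16);
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    (my $id = encode_base64($bytes, '')) =~ tr|+/=|-_|d;  # drop '=' padding
    return $id;
}

sub create_session {
    my ($now) = @_;
    my $id = new_session_id();
    $sessions{$id} = $now;
    return $id;
}

# The ID comes from the client, so it is validated, then checked against our own clock.
sub touch_session {
    my ($id, $now) = @_;
    return 0 unless defined $id && $id =~ /\A[A-Za-z0-9_-]{22}\z/;
    my $seen = $sessions{$id};
    return 0 unless defined $seen;          # never issued, or already expired
    if ($now - $seen > $IDLE_LIMIT) {
        delete $sessions{$id};              # expired: forget it server-side
        return 0;
    }
    $sessions{$id} = $now;                  # refresh the idle timer
    return 1;
}

# "Users online" figure: sessions seen within the limit, keyed by ID, not by IP.
sub active_count {
    my ($now) = @_;
    delete @sessions{ grep { $now - $sessions{$_} > $IDLE_LIMIT } keys %sessions };
    return scalar keys %sessions;
}

my $t0 = time;
my $id = create_session($t0);
print "idle 2 min:   ", touch_session($id, $t0 + 120), "\n";
print "idle 10 min:  ", touch_session($id, $t0 + 720), "\n";
print "unknown id:   ", touch_session('A' x 22, $t0), "\n";
print "active count: ", active_count($t0 + 720), "\n";
```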
