> > > I'm still very much a beginner, but I'm starting to see how establishing a > concept of sessions could be quite handy for my website. So I was thinking > of coming up with session ids, which could be some encoded combination of > their ip address, user name, and the date/time of that session's start. The > server would embed the session id into hidden fields or cookies, and use it > to determine which areas of the site are available to that user. > > Is this a common thing to do? Am I on the right track with this? And if > so, does perl offer an easy way to encode those three things into a string > of apparent gobbledygook and back? > > TIA. > > - Bryan
This is discussed frequently on this list and is mostly a matter of preference and/or user demands on how you implement it, aka cookie/url munging, session ids/user authentication, etc. You should check the archives for past discussion. Apache::Session in particular is highly regarded, though there are other modules available on CPAN. Questions, yes it is a very common thing to do, yes you are on the right track, and if you want to mess with the lower level yourself, doing SHA1/MD5 hashes are probably the easiest (to me), aka encode the data give it to the client, then during the next request re-encode the data and compare the two. I would suggest avoiding doing anything with IP addresses completely as they are not consistent from user request to request because of things such as proxies. HTH, http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
