[13655] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Sessions

daemon@ATHENA.MIT.EDU (Derek Atkins)
Mon Jun 16 22:09:15 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Pat Farrell <pfarrell@pfarrell.com>
Cc: cryptography@metzdowd.com
From: Derek Atkins <derek@ihtfp.com>
Date: 16 Jun 2003 21:50:38 -0400
In-Reply-To: <5.2.0.9.0.20030616105315.03aa0d90@pop3.stickdog.com>

Pat Farrell <pfarrell@pfarrell.com> writes:

> The solution is not very hard, set a cookie with a strongly created
> nonce, use that to index into the table of valid sessions. At least
> it is easy until you want to scale it to many servers.

This is what a backend database is for. ;)

> Pat

-derek, who just implemented something like this for one of his clients

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[13655] in cryptography@c2.net mail archive

Re: Sessions

daemon@ATHENA.MIT.EDU (Derek Atkins)Mon Jun 16 22:09:15 2003

daemon@ATHENA.MIT.EDU (Derek Atkins)
Mon Jun 16 22:09:15 2003