persistant data
Randy Wigginton
krw at nobugz.com
Tue Sep 5 19:03:38 UTC 2006
An alternative that is not military-grade secure, but sufficient for
most applications, is to store the user's session with a generated
UUID and put the UUID into a cookie for the user. Chances of a
collision are sufficiently low for 99% of applications.
On Sep 5, 2006, at 2:58 PM, Perrin Harkins wrote:
> On Tue, 2006-09-05 at 12:27 -0400, Evert|Rooftop wrote:
>> How can you authenticate with a cookie if you don't have something on
>> the server-side to match with
>
> A MAC works for this. All you need is a server-side secret key. See
> http://www.openfusion.com.au/labs/mod_auth_tkt/ for an example
> implementation.
>
> - Perrin
>
More information about the memcached
mailing list