perrin at elem.com
Tue Sep 5 20:30:09 UTC 2006
On Tue, 2006-09-05 at 15:03 -0400, Randy Wigginton wrote:
> An alternative that is not military-grade secure, but sufficient for
> most applications, is to store the user's session with a generated
> UUID and put the UUID into a cookie for the user.
A MAC approach has the advantages that no one can steal a session just
by guessing an active ID and that you don't need to go back to a
database or memcached in order to authenticate the user for access to
members-only parts of a site.
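Added example, not part of the original message: a minimal sketch of the MAC approach described in the reply above, where the cookie carries the user ID and an expiry time plus an HMAC over both, so the server can authenticate it without a database or memcached lookup. The cookie layout, the `SECRET_KEY` value and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: one server-side secret shared by every web server (constructed value).
SECRET_KEY = b"constructed-demo-key-do-not-reuse"
SEP = "|"


def _mac(payload: str, key: bytes) -> str:
    """HMAC-SHA256 over the payload, URL-safe base64 without padding."""
    digest = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def issue_cookie(user_id: str, ttl: int, now: int, key: bytes = SECRET_KEY) -> str:
    """Return 'user_id|expires|mac'; the MAC covers both user_id and expires."""
    if SEP in user_id:
        raise ValueError("user_id must not contain the separator")
    payload = f"{user_id}{SEP}{now + ttl}"
    return f"{payload}{SEP}{_mac(payload, key)}"


def verify_cookie(cookie: str, now: int, key: bytes = SECRET_KEY):
    """Return the user_id if the cookie is authentic and unexpired, else None."""
    parts = cookie.split(SEP)
    if len(parts) != 3:
        return None
    user_id, expires, mac = parts
    expected = _mac(f"{user_id}{SEP}{expires}", key)
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return None
    # Only trust the expiry field after the MAC has been verified.
    if not expires.isdigit() or int(expires) < now:
        return None
    return user_id
```

Because nothing is stored server-side, a cookie issued this way stays valid until its expiry; revoking it earlier requires rotating the key or adding a lookup.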