persistant data

Perrin Harkins perrin at
Tue Sep 5 20:30:09 UTC 2006

On Tue, 2006-09-05 at 15:03 -0400, Randy Wigginton wrote:
> An alternative that is not military-grade secure, but sufficient for  
> most applications, is to store the user's session with a generated  
> UUID and put the UUID into a cookie for the user. 

A MAC approach has the advantages that no one can steal a session just
by guessing an active ID and that you don't need to go back to a
database or memcached in order to authenticate the user for access to
members-only parts of a site.

- Perrin

More information about the memcached mailing list