RE: [users@httpd] Are cookies associated with connection?


 



In my experience, cookies are not associated with any connection.
Normally, to ensure no cookie type session hacking, there is some sort of
encryption of variables associated with generating cookies. I have written
several such mechanisms, and would suggest the same. This way, it is
secure throughout YOUR use of the cookie, and more difficult for someone
to hack it. You just need to share a common 'seed' with your
servers/pages, i.e. encrypt a few client-side variables (username, etc.)
-> write the cookie -> read the cookie -> decrypt the cookie.



-----Original Message-----
From: Arne.Heizmann@xxxxxxx [mailto:Arne.Heizmann@xxxxxxx] 
Sent: Wednesday, May 25, 2005 9:01 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Are cookies associated with connection?

Naresh Agarwal wrote:
>  
> Are cookies associated with the underlying connection, or are they
> independent of the physical connection?

Most servers do not support persistent connections anyway (supposedly 
because they're resource-intensive... that's what LiveJournal.com 
sysadmins told me). Clearly, since these services still provide log-in 
mechanisms -- even ones that persist when you close and restart your 
browser! -- the cookies must remain valid throughout several connections.


**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

**********************************************************************


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
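
The write-cookie/read-cookie flow described in the reply above, as an added example that is not part of the original messages. It swaps encryption for an HMAC-SHA256 tag computed with the shared secret: the values stay readable, but any server holding the secret can reject a modified or expired cookie on whichever connection it arrives. The secret value, field names and function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: the same secret (the 'seed' in the reply) is provisioned on every
# server that reads the cookie. Constructed demo value, not a real key.
SHARED_SECRET = b"constructed-demo-secret"

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_tag(payload, secret):
    return hmac.new(secret, payload, hashlib.sha256).digest()

def write_cookie(username, ttl=3600, secret=SHARED_SECRET, now=None):
    """Serialize the session fields and append an HMAC-SHA256 tag."""
    issued = int(time.time() if now is None else now)
    fields = {"user": username, "exp": issued + ttl}
    payload = json.dumps(fields, separators=(",", ":")).encode()
    return b64e(payload) + "." + b64e(make_tag(payload, secret))

def read_cookie(value, secret=SHARED_SECRET, now=None):
    """Return the fields, or None if the cookie is malformed, forged or expired."""
    try:
        payload_b64, tag_b64 = value.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except (ValueError, AttributeError):
        return None
    # Constant-time comparison; nothing in the payload is trusted before this.
    if not hmac.compare_digest(tag, make_tag(payload, secret)):
        return None
    fields = json.loads(payload)
    current = time.time() if now is None else now
    if fields["exp"] <= current:
        return None
    return fields

if __name__ == "__main__":
    cookie = write_cookie("alice")
    print(cookie)
    print(read_cookie(cookie))  # no per-connection state is consulted
```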

