help: How to track user session with fastcgi

Yingyuan Cheng yingyuan at staff.sina.com.cn
Fri Oct 26 05:31:59 MSD 2007


Thank you Valery Kholodkov.

I think it deserves to be developed.

--
yingyuan

Valery Kholodkov 写道:
>> If you want some way to assign session id to user for security/external
>> data storage identifier etc (the "sessions" in php's meaning) - you should
>> use other means to generate them.
>>
>> Note: cookies generated by userid module shouldn't be used as security
>> identifier, since malicious user can easily guess other user's cookie.
>>     
>
> You could implement signed cookies like OpenACS or Django do:
>
> http://openacs.org/doc/current/security-design.html
>
> http://code.djangoproject.com/ticket/3285
>
>   







More information about the nginx mailing list