nginx keeping session
Dave Cheney
dave at cheney.net
Wed Oct 22 15:08:58 MSD 2008
> eh, depending on what you're storing couldn't it hit the RFC cookie
> limit pretty easily?
The only piece of data you would need is the user id. Everything else
can be deduced from that.
> i suppose it has some sort of key and expiry in it so people can't
> spoof alternate expiry times etc.
Not really sure, haven't used it in production and I'm not working
with rails at the moment. You make a good point thou, you probably
need two things, the user id, and an expiry time encoded in the
cookies value.
Cheers
Dave
More information about the nginx
mailing list