[thesite] high level cookie question..
John Handelaar
john at userfrenzy.com
Wed Jun 6 06:50:37 CDT 2001
> -----Original Message-----
> From: thesite-admin at lists.evolt.org
> [mailto:thesite-admin at lists.evolt.org]On Behalf Of Daniel J. Cody
> Sent: 06 June 2001 04:58
> To: thesite at lists.evolt.org
> Subject: Re: [thesite] high level cookie question..
>
> ya. i hear that... do you see my problem though in how we're going to
> have different languages grep a cookie to tell if a person is logged in
> or not *without* touching the DB?
I'm not sure it can be done *securely* without touching
the DB. If whatever you put in the cookie isn't hashed,
I can edit it. If it is hashed, you have to check it (else
I could just make up a fake hash for djc, for example).
Unless someone else has a fantastic idea I've never
seen before, that is...
[Back in the office after a week off-site at fscking last]
------------------------------------------
John Handelaar
T +44 20 7209 4117 M +44 7930 681789
F +44 870 169 7657 E john at userfrenzy.com
------------------------------------------
More information about the thesite
mailing list