Nagy László Zsolt
nagylzs at freemail.hu
Fri Jul 11 19:39:37 CEST 2003
>>My suggestion is to
>>authenticate the cookies with a cryptographic checksum and verify the
>>authentication before deserializing the cookies. That's probably the
>>simplest approach. Keeping session info on a multi-process server (or
>>worse, a multi-server network) needs some kind of concurrent storage
>Do you mean transmit the checksum to the client with the cookie? And
>check that they match when the cookie and checksum come back?
>Or is the checksum stored on the server, in some form of lookup
>dictionary keyed by some user session identifier?
I think he wanted to write a digital signature instead. Right?
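
The scheme suggested in the quoted text, as an added example that is not part of the original message: the tag is sent to the client with the cookie and recomputed when it comes back, so only the key is kept on the server and no per-session lookup table is needed. HMAC-SHA256 as the "cryptographic checksum", JSON as the serialization, and the names `make_cookie`, `read_cookie` and `SERVER_KEY` are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real server loads a random secret
# that never leaves the server side.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def make_cookie(session: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize the session and append an HMAC tag: '<payload>.<tag>'."""
    payload = b64(json.dumps(session, sort_keys=True).encode("utf-8"))
    tag = b64(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())
    return payload + "." + tag


def read_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the session dict, or None if the tag does not verify.

    The tag is checked before the payload is decoded or deserialized,
    so client-modified bytes never reach the deserializer.
    """
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag present at all
    payload_bytes = payload.encode("ascii", "replace")
    expected = b64(hmac.new(key, payload_bytes, hashlib.sha256).digest())
    # Constant-time comparison: do not leak how much of the tag matched.
    if not hmac.compare_digest(expected.encode("ascii"),
                               tag.encode("ascii", "replace")):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))
```

Any server process that holds the same key can verify a cookie, which is why this approach needs no shared session store.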