Gossamer Forum

user.cgi (needed feature)

anyone know what exactly is done when you select remember my username and password on other sites? Links SQL is not the same because of the Session thing..

how can we do it with sessions? and perhaps not saving the users password in plain text in a cookie like UBB :)

jerry
Re: user.cgi (needed feature)
i don't know.. :)

jerry
Re: user.cgi (needed feature)
You've pretty much got it. Normally they store the person's username and password (sometimes encrypted, other times not) in one or more cookies. Then when you go to the page, the program checks if you have a session id; if not, it checks if you have the other two cookies. If you do, it checks the other cookies and logs the person in.

Cheers,

Alex
Re: user.cgi (needed feature)
But what is the "payoff" for trying to crack someone's log-in cookie?

Re: user.cgi (needed feature)
Sites can do different things. Have you looked at the CGI.pm cookies docs?

Most sites that "remember" you save a cookie on your machine with an identification. There are complicated ways to make sure the identification and session and computer information is the same.

Some store the information in your cookie, others encrypt it and use that encrypted value to allow you to get in.

I think the reason for the "remember me" box is because the state information is saved at least in part to a cookie, and you make the user ask for you to do it.

Sessions can expire, but identification usually doesn't. If you don't expire sessions, you eventually eat up all your free storage :)

Re: user.cgi (needed feature)
if no one knows how they do it.. i'm just gonna go for this..

whenever the user comes by.. if no session.. check for remember me cookie.. if true get password (which is encrypted in the remember me cookie using perl's encrypt) compare to encrypted mysql user's password.. if match.. create session..

i don't feel safe using encrypt though.. all those unix password crackers out there :)

jerry
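
The flow sketched in the post above (no session, check the remember-me cookie, then create a session), as an added example that is not from the thread or from Links SQL: the cookie carries a random single-use token instead of the password or its crypt() output, and the server keeps only a SHA-256 hash of it. The sub names, the in-memory `%remember` hash standing in for a MySQL table, and reading `/dev/urandom` on a Unix host are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Assumption: stand-in for a database table; selector => { user, hash, expires }.
my %remember;

# Hex string from $n bytes of the kernel CSPRNG (assumes /dev/urandom exists).
sub random_hex {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, $n) == $n or die "short read from urandom";
    return unpack 'H*', $buf;
}

# Called at login when "remember me" is ticked. Returns the cookie value.
sub issue_token {
    my ($user, $ttl) = @_;
    my ($selector, $validator) = (random_hex(8), random_hex(32));
    $remember{$selector} = { user => $user, hash => sha256_hex($validator),
                             expires => time() + $ttl };  # validator itself is never stored
    return "$selector:$validator";
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# No session: check the cookie. Returns (user, replacement cookie) or an empty list.
sub redeem_token {
    my ($cookie, $ttl) = @_;
    my ($selector, $validator) = ($cookie // '') =~ /\A([0-9a-f]{16}):([0-9a-f]{64})\z/
        or return;
    my $row = delete $remember{$selector} or return;  # single use: the row is gone either way
    return if $row->{expires} < time();
    return unless ct_eq(sha256_hex($validator), $row->{hash});
    return ($row->{user}, issue_token($row->{user}, $ttl));  # rotate on every use
}

# Constructed demo: 'alice' is a sample user, 30 days is a sample lifetime.
my $ttl = 30 * 24 * 3600;
my $cookie = issue_token('alice', $ttl);
my ($user, $next) = redeem_token($cookie, $ttl);
my ($replay) = redeem_token($cookie, $ttl);
printf "first use: %s, replay: %s\n", $user // 'rejected', $replay // 'rejected';
```

A leaked copy of the server-side table yields no usable cookies and nothing a password cracker can work on, and a stolen cookie stops working once the legitimate browser redeems it.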
Re: user.cgi (needed feature)
cool! i'll work on this sometime soon.. maybe now.. first i wanna reply to some of these threads.. some are actually interesting.. :)

jerry
Re: user.cgi (needed feature)
For the lull time of year between X-mas and New Year's, this forum is HOT :)

------------------
POSTCARDS.COM -- Everything Postcards on the Internet www.postcards.com
LinkSQL FAQ: www.postcards.com/FAQ/LinkSQL/