[cgiapp] enciphered-cookie-only sessions

Mark Fuller azfuller at gmail.com
Mon Mar 10 09:06:30 EDT 2008


On Mon, Mar 10, 2008 at 3:56 AM, Ricardo SIGNES
<perl.cgiapp at rjbs.manxome.org> wrote:
> stores your whole session in the cookie.  It's stored as a base64-encoded,
> Rijndael-enciphered, JSON-encoded string.  This seemed like a swell idea for me,

I hear a lot about brute-force attacks on encryption. Also, that what
seemed like a terrific amount of brute force 5-10 years ago isn't
today. Is that a concern (if someone steals cookies)?

Mark

