session management / authentication

To: debian-user <debian-user@lists.debian.org>
Subject: session management / authentication
From: Alexander Steinert <stony8@gmx.de>
Date: Thu, 27 Sep 2001 13:20:11 +0200
Message-id: <[🔎] 20010927132011.A11668@minerva.svt.tu-harburg.de>
Mail-followup-to: Alexander Steinert <stony8@gmx.de>, debian-user <debian-user@lists.debian.org>

Could you give me hints (URLs, book titles) to inform me about
session management / user authentication on a web server? I'm planning a
DBMS-backed web app. (using apache, postgresql, python).

My current aproach is to use https, let the user auth. himself via
password and generate a session id so that subsequent requests are valid
if this id is used. The id becomes invalid when the user quits the
session or after 10 minutes of inactivity.

What are the problems with "my" approach? (There have to be some, since
I see so many sites not following it.)

TIA

Stony

Reply to:

Prev by Date: Re: duplicates in mutt? (was: Deleting duplicate ...)
Next by Date: Debian From Scratch?
Previous by thread: Re: moving to reiserfs/libc6
Next by thread: Debian From Scratch?
Index(es):
- Date
- Thread