[cgiapp] enciphered-cookie-only sessions
jason at journalistic.com
Mon Mar 10 09:14:28 EDT 2008
This probably goes without saying, but I would add that this approach
isn't for every application. For example, we have an e-commerce
application that has our user leaving our site to complete a credit card
transaction and then comes back to our site to complete the order with
the session id. Very rarely, a disconnect happens where the user has
paid at the credit card site and their cookie was deleted on the client
side. When that does happen, I'm able to manually reconcile the credit
card transaction against the session information we have on our server.
If we used this technique and that disconnect happened, I would have to
void the transaction because I have lost the order information.
Ricardo SIGNES wrote:
> Leon Brocard recently uploaded this:
> It's a Catalyst plugin that stores your whole session in the cookie. It's
> stored as a base64-encoded, Rijndael-enciphered, JSON-encoded string. This
> seemed like a swell idea for me, since:
> a. I'm tired of session files cluttering things up.
> b. I don't feel like creating a session db.
> c. My session contents are tiny.
> I threw together a quick implementation last night, just for Rubric, and I've
> already replaced my use of CAP::Session with it. I'll refactor it for use as a
> real plugin later this week, probably.
More information about the cgiapp