- From: Joseph Arceneaux <jla@arceneaux.com>
- Date: Tue, 23 Jul 96 21:49 PDT
- To: lentz@annie.astro.nwu.edu
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
From: Robert A. Lentz <lentz@annie.astro.nwu.edu>
Date: Tue, 23 Jul 1996 19:44:44 -0500 (CDT)

Greetings,

The current cookie proposal appears insufficient to assure a secure environment for providing state management in an authenticated system where multiple users have access to the same single-user machine.

...

I believe there are a number of solutions to this problem, none of which require changes to the protocol. One example would be to store the user's password as part of the session info on the server, and use it to encrypt/decrypt the cookie. When the first student ends their session (or it times out), the cookie stored on the browser side becomes meaningless until replaced with a cookie for a new session.

Joe

----
Joseph Arceneaux
Arceneaux Consulting
http://www.arceneaux.com
jla@arceneaux.com
+1 415 648 9988 (direct)
+1 415 341 1395 (fax)
+1 500 488 9308
Received on Tuesday, 23 July 1996 21:54:47 UTC
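
The session-bound cookie described in the message above, as an added Python sketch that is not part of the original post or of any cookie proposal. It shows that once the server drops a session's key, the cookie left in the shared browser can no longer be opened, by the next user's session or by anyone replaying it. Assumptions: all function names are hypothetical, the key is derived from the password with PBKDF2 and a per-session salt rather than being the raw password, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a vetted AEAD cipher such as AES-GCM so the example needs only the standard library.

```python
import hashlib, hmac, json, secrets

SESSIONS = {}  # server-side session table: session id -> per-session cookie key

def start_session(password: str) -> str:
    """Login: derive a key from the password and a fresh salt; keep it server-side."""
    sid, salt = secrets.token_hex(16), secrets.token_bytes(16)
    SESSIONS[sid] = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return sid

def end_session(sid: str) -> None:
    """Logout or timeout: drop the key, so cookies sealed with it become meaningless."""
    SESSIONS.pop(sid, None)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode under an encryption subkey (stdlib stand-in, assumption).
    k = hmac.new(key, b"enc", hashlib.sha256).digest()
    blocks = (hmac.new(k, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Integrity tag under a separate MAC subkey, computed over nonce and ciphertext.
    k = hmac.new(key, b"mac", hashlib.sha256).digest()
    return hmac.new(k, nonce + ct, hashlib.sha256).digest()

def seal_cookie(sid: str, state: dict) -> str:
    """Encrypt then MAC the state under the session's key; returns the cookie value."""
    key, nonce = SESSIONS[sid], secrets.token_bytes(16)
    plain = json.dumps(state).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    return f"{sid}.{(nonce + ct + _tag(key, nonce, ct)).hex()}"

def open_cookie(cookie: str):
    """Return the state, or None if the session has ended or the cookie was altered."""
    sid, _, blob_hex = cookie.partition(".")
    key = SESSIONS.get(sid)
    try:
        blob = bytes.fromhex(blob_hex)
    except ValueError:
        return None
    if key is None or len(blob) < 48:  # 16-byte nonce + 32-byte tag at minimum
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))
```

The server holds password-derived key material for the life of the session, so the session table needs the same protection as the password store itself.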