[erlang-questions] secure use of cookies in an erlang application
Max Lapshin
max.lapshin@REDACTED
Tue May 15 21:44:52 CEST 2012
Ruby on Rails implements a wonderful idea:
you pack your session as JSON: {user_id : 15, ip : "23.45.67.89", expire_at : 1234567780},
then you take base64 of it,
then you concatenate the base64 with the secret key and take sha1 of it.
Cookie = base64(Session) ++ "--" ++ sha1(base64(Session) ++ SecretKey)
Later, on each request, you validate that the session is signed properly,
check the IP address and timeout, and use your really stateless session.
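The scheme described in the post, as an added example in Erlang (it is not code from the original post, from Rails, or from any project on the list): it reproduces the construction exactly as written, sha1 over base64(Session) ++ SecretKey, and performs the three checks the post lists, signature first, then client IP, then expiry. The module name, the tiny flat-JSON codec (used so the example has no dependencies), the placeholder secret and the timestamps in demo/0 are assumptions of the example.

```erlang
%% signed_cookie.erl -- added example, not code from the original post.
%% Builds and verifies Cookie = base64(Session) ++ "--" ++ sha1(base64(Session) ++ SecretKey)
%% and performs the three checks the post lists: signature, client IP, expiry.
-module(signed_cookie).
-export([sign/2, verify/4, demo/0]).

-define(SEP, <<"--">>).

%% Session is a map of binary keys to integer or binary values,
%% e.g. #{<<"user_id">> => 15, <<"ip">> => <<"23.45.67.89">>, <<"expire_at">> => 1234567780}.
sign(Session, Secret) when is_binary(Secret) ->
    Payload = base64:encode(to_json(Session)),
    <<Payload/binary, ?SEP/binary, (signature(Payload, Secret))/binary>>.

%% Returns {ok, Claims} or {error, Reason}. ClientIp is a binary such as
%% <<"23.45.67.89">> and Now is a Unix timestamp in seconds.
verify(Cookie, Secret, ClientIp, Now) ->
    %% '-' is not in the base64 alphabet, so the first "--" is the separator.
    case binary:split(Cookie, ?SEP) of
        [Payload, Sig] ->
            %% Check the MAC before touching the payload: untrusted bytes are
            %% never base64-decoded or parsed unless they carry a valid signature.
            case constant_time_equal(Sig, signature(Payload, Secret)) of
                true  -> check_claims(from_json(base64:decode(Payload)), ClientIp, Now);
                false -> {error, bad_signature}
            end;
        _ ->
            {error, malformed}
    end.

%% The post's construction, reproduced as written: sha1(base64(Session) ++ SecretKey).
signature(Payload, Secret) ->
    hex(crypto:hash(sha, <<Payload/binary, Secret/binary>>)).

check_claims(#{<<"ip">> := Ip, <<"expire_at">> := Exp} = Claims, ClientIp, Now) ->
    if
        Ip =/= ClientIp -> {error, ip_mismatch};
        Now >= Exp      -> {error, expired};
        true            -> {ok, Claims}
    end;
check_claims(_, _, _) ->
    {error, missing_claims}.

%% Compare two binaries without leaking where they first differ.
constant_time_equal(A, B) when byte_size(A) =/= byte_size(B) ->
    false;
constant_time_equal(A, B) ->
    Pairs = lists:zip(binary_to_list(A), binary_to_list(B)),
    0 =:= lists:foldl(fun({X, Y}, Acc) -> Acc bor (X bxor Y) end, 0, Pairs).

hex(Bin) ->
    << <<(hex_digit(N))>> || <<N:4>> <= Bin >>.

hex_digit(N) when N < 10 -> $0 + N;
hex_digit(N) -> $a + N - 10.

%% Minimal flat-JSON codec so the example has no dependencies. It handles one
%% level of string/integer fields with no escaping, which is all the session
%% above needs; only payloads that passed the signature check reach from_json/1.
to_json(Session) ->
    Fields = [[$", K, "\":", json_value(V)]
              || {K, V} <- lists:sort(maps:to_list(Session))],
    iolist_to_binary(["{", lists:join(",", Fields), "}"]).

json_value(V) when is_integer(V) -> integer_to_binary(V);
json_value(V) when is_binary(V)  -> [$", V, $"].

from_json(<<"{", Rest/binary>>) ->
    fields(Rest, #{}).

fields(<<"}">>, Acc) ->
    Acc;
fields(<<",", Rest/binary>>, Acc) ->
    fields(Rest, Acc);
fields(<<"\"", Rest/binary>>, Acc) ->
    [Key, Rest1] = binary:split(Rest, <<"\":">>),
    {Val, Rest2} = json_scalar(Rest1),
    fields(Rest2, Acc#{Key => Val}).

json_scalar(<<"\"", Rest/binary>>) ->
    [Str, Rest1] = binary:split(Rest, <<"\"">>),
    {Str, Rest1};
json_scalar(Bin) ->
    {Digits, Rest} = take_digits(Bin, <<>>),
    {binary_to_integer(Digits), Rest}.

take_digits(<<C, Rest/binary>>, Acc) when C >= $0, C =< $9 ->
    take_digits(Rest, <<Acc/binary, C>>);
take_digits(Rest, Acc) ->
    {Acc, Rest}.

%% Round trip with the session values from the post (secret is a placeholder).
demo() ->
    Secret  = <<"placeholder-secret-replace-in-real-deployments">>,
    Session = #{<<"user_id">> => 15, <<"ip">> => <<"23.45.67.89">>,
                <<"expire_at">> => 1234567780},
    Cookie  = sign(Session, Secret),
    {ok, Session}        = verify(Cookie, Secret, <<"23.45.67.89">>, 1234567000),
    {error, expired}     = verify(Cookie, Secret, <<"23.45.67.89">>, 1234567790),
    {error, ip_mismatch} = verify(Cookie, Secret, <<"10.0.0.1">>,    1234567000),
    %% A payload edited without the key no longer matches its signature.
    [_Payload, Sig] = binary:split(Cookie, ?SEP),
    Edited = base64:encode(to_json(Session#{<<"user_id">> => 1})),
    {error, bad_signature} = verify(<<Edited/binary, ?SEP/binary, Sig/binary>>,
                                    Secret, <<"23.45.67.89">>, 1234567000),
    ok.
```

Compile with `erlc signed_cookie.erl` and run `signed_cookie:demo().` in the shell; it returns `ok` when every check behaves as expected. Two points the checks in verify/4 are built around: the signature is compared in constant time and verified before the payload is decoded, so malformed or tampered cookies are rejected without ever reaching base64:decode/1 or the JSON parser. The hash construction itself is kept as the post states it; for a new deployment the standard choice is an HMAC (crypto:mac(hmac, sha256, Secret, Payload) on recent OTP) rather than a plain hash over payload and key, and swapping signature/2 for that is the only change needed.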