[erlang-questions] Secure sessions in Cowboy

Lloyd R. Prentice lloyd@REDACTED
Thu Apr 17 05:37:12 CEST 2014


A few years ago Joe Armstrong kicked off a wonderful discussion of web authentication on erlang-questions. Thu Jul 7 21:29:23 CEST 2011. Fred Hébert contributed an outstanding Quick Guide. Thu Jul 7 22:04:58 CEST 2011. Now I'm near the scary point of having to write real code to manage secure sessions. I'd be much grateful if some kind soul could take a look at my outline below and point out, if any, the errors of my ways:


1. Log-in and session under SSL
2. Encrypt and store password - considering Hébert's erlpass for password management; DETS for credentials storage


1. Limit number of log-in attempts; resume after time delay
2. Time-limited cookies to manage sessions
3. Session state - store in process or ETS?
4. Append unique tokens to forms

Are there better options for any step? Am I missing anything?

Many thanks,


Sent from my iPad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140416/d9b7c364/attachment.htm>

More information about the erlang-questions mailing list