• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 246
  • Last Modified:

session cookie

i want to set session cookie,
i saw some cookies of 32 bits from other web sites,
how can they set them?
how to generate a 32bits session cookie?
any one can provide me the code and explaination?
0
mwhuen
Asked:
mwhuen
1 Solution
 
maneshrCommented:
"...i saw some cookies of 32 bits from other web sites, "

as far as i know there is nothing call as a 32 bit cookie.
can you send the web site that gave you this cookie??


here are limitations on the number of cookies that a client can store at any one time. This is a specification of the  minimum number of cookies that a client should be prepared to receive and store.
*          300 total cookies
*         4 kilobytes per cookie, where the name and the OPAQUE_STRING combine to form the 4 kilobyte limit.
*          20 cookies per server or domain. (note that completely specified hosts and domains are treated as separate entities and have a 20 cookie limitation for each, not combined)

     Servers should not expect clients to be able to exceed these limits. When the 300 cookie limit or the 20 cookie per server limit is exceeded, clients should delete the least recently used cookie. When a cookie larger than 4 kilobytes is encountered the cookie should be trimmed to fit, but the name should remain intact as long as it is less than 4 kilobytes.
=========================================
if you are looking a PERL based code that will set and read cookies, i have the same.

pl. let me know if you want it.
0
 
bighuenCommented:
sorry,
i mean the value of the cookie is 32bit long.

cookie(-name=>bighuen, -value=>'12345678901234567890123456789012')

the value is 32 bits long,

how can i randomly generate it?
the reason for 32bit is for security?
any security in setting cookies?

0
 
ozoCommented:
Do you mean 32 bits, or 32 digits?
``Anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin.'' --John von Neumann
A problem with using rand to generate secure random numbers is that an attacker can deduce the seed to reproduce your values
You might try to pre-generate a list of random values to use, using the PGP key generator, or taking a large set of  Math::TrulyRandom values and hashing it down with a cryptographically strong hash function...
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
mwhuenAuthor Commented:
i mean 32 digits,
how can i generate secure cookies?
can you show some examples or codes?
thanks
0
 
mwhuenAuthor Commented:
Comment accepted as answer
0
 
mwhuenAuthor Commented:
i still can't get an good answer about session cookie/value.
0
 
maneshrCommented:
"i still can't get an good answer about session cookie/value."

i think in that case you should not have awarded the points to me.

i would suggest that you explain clearly what you are looking for. in the explanation above you have mentioned about 32 bit secure cookies.

you need to let us know..

* if you are setting the cookie from a secure server (https://www.xyz.com..).
* if you want the session id to be 32 chars in length.

0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now