Solved

session cookie

Posted on 2000-05-12
7
236 Views
Last Modified: 2010-03-05
I want to set a session cookie.
I saw some cookies of 32 bits from other web sites;
how can they set them?
How do I generate a 32-bit session cookie?
Can anyone provide me the code and an explanation?
Question by:mwhuen
7 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 20 total points
ID: 2805525
"...i saw some cookies of 32 bits from other web sites, "

As far as I know, there is nothing called a 32-bit cookie.
Can you send the web site that gave you this cookie?


There are limitations on the number of cookies that a client can store at any one time. This is a specification of the minimum number of cookies that a client should be prepared to receive and store.
* 300 total cookies
* 4 kilobytes per cookie, where the name and the OPAQUE_STRING combine to form the 4 kilobyte limit.
* 20 cookies per server or domain. (Note that completely specified hosts and domains are treated as separate entities and have a 20 cookie limitation for each, not combined.)

Servers should not expect clients to be able to exceed these limits. When the 300 cookie limit or the 20 cookie per server limit is exceeded, clients should delete the least recently used cookie. When a cookie larger than 4 kilobytes is encountered, the cookie should be trimmed to fit, but the name should remain intact as long as it is less than 4 kilobytes.
=========================================
If you are looking for Perl-based code that will set and read cookies, I have the same.

Please let me know if you want it.
0
 

Expert Comment

by:bighuen
ID: 2806411
Sorry,
I mean the value of the cookie is 32 bits long.

cookie(-name=>'bighuen', -value=>'12345678901234567890123456789012')

The value is 32 bits long.

How can I randomly generate it?
Is the reason for 32 bits security?
Is there any security in setting cookies?

0
 
LVL 84

Expert Comment

by:ozo
ID: 2806462
Do you mean 32 bits, or 32 digits?
"Anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin." --John von Neumann
A problem with using rand to generate secure random numbers is that an attacker can deduce the seed to reproduce your values.
You might try to pre-generate a list of random values to use, using the PGP key generator, or taking a large set of  Math::TrulyRandom values and hashing it down with a cryptographically strong hash function...
0
 

Author Comment

by:mwhuen
ID: 2826985
I mean 32 digits.
How can I generate secure cookies?
Can you show some examples or code?
Thanks
0
 

Author Comment

by:mwhuen
ID: 2933927
Comment accepted as answer
0
 

Author Comment

by:mwhuen
ID: 2933928
I still can't get a good answer about session cookie/value.
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2933986
"i still can't get an good answer about session cookie/value."

I think in that case you should not have awarded the points to me.

I would suggest that you explain clearly what you are looking for. In the explanation above you have mentioned 32-bit secure cookies.

You need to let us know:

* if you are setting the cookie from a secure server (https://www.xyz.com..).
* if you want the session id to be 32 chars in length.

0
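
The thread ends without code, so the following is an added example, not written by any poster here: a 32-character session value taken from the operating system's random source instead of rand, sent with the Secure flag when the site is served over https. It assumes a Unix-like host with /dev/urandom (used in place of the sources ozo names) and produces 32 hex digits rather than decimal digits; the sub names and the cookie name SESSION are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Read $n bytes from the OS random source.
# Assumption: a Unix-like host that provides /dev/urandom.
sub random_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        # Append at the current end of $buf until we have all $n bytes.
        my $got = read($fh, $buf, $n - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return $buf;
}

# 16 random bytes printed as hex give 32 characters (128 bits).
sub new_session_id {
    return unpack('H*', random_bytes(16));
}

# Accept only values of the exact shape we issue before using one
# as a lookup key for server-side session data.
sub valid_session_id {
    my ($id) = @_;
    return defined $id && $id =~ /\A[0-9a-f]{32}\z/;
}

# Build the header by hand so no CGI module is needed.
# No Expires/Max-Age attribute: the browser drops the cookie when it closes.
sub session_cookie_header {
    my ($name, $id, $https) = @_;
    die "bad cookie name" unless $name =~ /\A[A-Za-z0-9_]+\z/;
    die "bad session id"  unless valid_session_id($id);
    my $h = "Set-Cookie: $name=$id; Path=/; HttpOnly";
    $h .= "; Secure" if $https;    # never sent over plain http
    return $h;
}

my $id = new_session_id();
print session_cookie_header('SESSION', $id, 1), "\r\n";
```

The cookie value is only an unguessable key; the data it refers to stays on the server, and a value that fails valid_session_id is treated as no session at all.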
