Solved

session cookie

Posted on 2000-05-12
7
238 Views
Last Modified: 2010-03-05
i want to set session cookie,
i saw some cookies of 32 bits from other web sites,
how can they set them?
how to generate a 32bits session cookie?
any one can provide me the code and explaination?
0
Comment
Question by:mwhuen
7 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 20 total points
ID: 2805525
"...i saw some cookies of 32 bits from other web sites, "

as far as i know there is nothing call as a 32 bit cookie.
can you send the web site that gave you this cookie??


here are limitations on the number of cookies that a client can store at any one time. This is a specification of the  minimum number of cookies that a client should be prepared to receive and store.
*          300 total cookies
*         4 kilobytes per cookie, where the name and the OPAQUE_STRING combine to form the 4 kilobyte limit.
*          20 cookies per server or domain. (note that completely specified hosts and domains are treated as separate entities and have a 20 cookie limitation for each, not combined)

     Servers should not expect clients to be able to exceed these limits. When the 300 cookie limit or the 20 cookie per server limit is exceeded, clients should delete the least recently used cookie. When a cookie larger than 4 kilobytes is encountered the cookie should be trimmed to fit, but the name should remain intact as long as it is less than 4 kilobytes.
=========================================
if you are looking a PERL based code that will set and read cookies, i have the same.

pl. let me know if you want it.
0
 

Expert Comment

by:bighuen
ID: 2806411
sorry,
i mean the value of the cookie is 32bit long.

cookie(-name=>bighuen, -value=>'12345678901234567890123456789012')

the value is 32 bits long,

how can i randomly generate it?
the reason for 32bit is for security?
any security in setting cookies?

0
 
LVL 84

Expert Comment

by:ozo
ID: 2806462
Do you mean 32 bits, or 32 digits?
``Anyone who attempts to generate random numbers by deterministic means is, of course, living in a state of sin.'' --John von Neumann
A problem with using rand to generate secure random numbers is that an attacker can deduce the seed to reproduce your values
You might try to pre-generate a list of random values to use, using the PGP key generator, or taking a large set of  Math::TrulyRandom values and hashing it down with a cryptographically strong hash function...
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 

Author Comment

by:mwhuen
ID: 2826985
i mean 32 digits,
how can i generate secure cookies?
can you show some examples or codes?
thanks
0
 

Author Comment

by:mwhuen
ID: 2933927
Comment accepted as answer
0
 

Author Comment

by:mwhuen
ID: 2933928
i still can't get an good answer about session cookie/value.
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2933986
"i still can't get an good answer about session cookie/value."

i think in that case you should not have awarded the points to me.

i would suggest that you explain clearly what you are looking for. in the explanation above you have mentioned about 32 bit secure cookies.

you need to let us know..

* if you are setting the cookie from a secure server (https://www.xyz.com..).
* if you want the session id to be 32 chars in length.

0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now