[OWASP_PHPSEC] Session Management Library : Adding location of sessions

Abbas Naderi abiusx at owasp.org
Tue Sep 10 13:35:15 UTC 2013


Ok,
It needs to be plug-able (i.e creating its own tables, without any side effects) because not everybody wants the locations and the overhead assigned to them.
It should also be able to retrive location databases automatically, and check for its requirements.

It needs to work asynchronously, meaning that it should not block the session creation or update while it retrives the location (only if it takes more than a reasonable time, say 200 miliseconds). For how to do that, you have to google around.

Any more elaboration?
-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If you mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body.  Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Sep 10, 2013, at 9:21 AM, Shivam Dixit <shivamd001 at gmail.com> wrote:

> Hello Abbas,
> 
> Rahul told me that we have to store session location also, which is part of phase 2 but I can work on it if I want to.
> 
> Can you please elaborate a bit on "plug-able system that works asynchronously" ?
> 
> Thanks
> 
> 
> On Tue, Sep 10, 2013 at 6:47 PM, Abbas Naderi <abiusx at owasp.org> wrote:
> It isn't a mandatory session function, and make the system very slow. The better idea is to have it as a plug-able system that works asynchronously.
> -A
> 
> 
> -- 
> Cheers,
> Shivam

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130910/4e7da3fe/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list