[OWASP_PHPSEC] Session Management Library : Adding location of sessions

Shivam Dixit shivamd001 at gmail.com
Tue Sep 10 20:05:34 UTC 2013

Hello Abbas,

Thanks for explaining me the point. I will search on internet how this can
be implemented and then will come up with another idea.

On Tue, Sep 10, 2013 at 7:05 PM, Abbas Naderi <abiusx at owasp.org> wrote:

> Ok,
> It needs to be plug-able (i.e creating its own tables, without any side
> effects) because not everybody wants the locations and the overhead
> assigned to them.
> It should also be able to retrive location databases automatically, and
> check for its requirements.
> It needs to work asynchronously, meaning that it should not block the
> session creation or update while it retrives the location (only if it takes
> more than a reasonable time, say 200 miliseconds). For how to do that, you
> have to google around.
> Any more elaboration?
> -Abbas
>      ______________________________________________________________
> *Notice:** *This message is *digitally signed*, its *source* and *
> integrity* are verifiable.
> If you mail client does not support S/MIME verification, it will display a
> file (smime.p7s), which includes the X.509 certificate and the signature
> body.  Read more at Certified E-Mail with Comodo and Thunderbird<http://abiusx.com/certified-e-mail-with-comodo-and-thunderbird/> in
> AbiusX.com
> On Sep 10, 2013, at 9:21 AM, Shivam Dixit <shivamd001 at gmail.com> wrote:
> Hello Abbas,
> Rahul told me that we have to *store session location* also, which is
> part of *phase 2* but I can work on it if I want to.
> Can you please elaborate a bit on "plug-able system that works
> asynchronously" ?
> Thanks
> On Tue, Sep 10, 2013 at 6:47 PM, Abbas Naderi <abiusx at owasp.org> wrote:
>> It isn't a mandatory session function, and make the system very slow. The
>> better idea is to have it as a plug-able system that works asynchronously.
>> -A
> --
> *Cheers,*
> *Shivam*

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20130911/e3f5e1eb/attachment-0001.html>

More information about the OWASP_PHP_Security_Project mailing list