Users and session ids

From: "C G" <csgcsg39(at)hotmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Users and session ids
Date: 2003-12-08 14:23:26
Message-ID: Law12-F52PM6LBBglhR000198ec@hotmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

Dear All,

After the great help I had with my managing users question, I have another
small question :) How should I incorparate session ids. My current scheme is
as follows:

1. A user logs into the database (through web, webservice, some other piece
of software)
2. We generate a random session key which will expire in 1 hour. Put this in
table (user, SessKey, time).
3. Give key to user.
4. User wants to do something else, so passes us the session key (cookie for
instance).
5. Should we now log onto the database a user 'nobody' who can only excute a
function which will change the user, e.g. Function = Set username to where
the session keys match.
6. Check the timestamp every so often to delete the sessionkey.

Is this right way of going about things?

Many thanks (again)

Colin

_________________________________________________________________
Sign-up for a FREE BT Broadband connection today!
http://www.msn.co.uk/specials/btbroadband

Browse pgsql-novice by date

  From Date Subject
Next Message Tom Lane 2003-12-08 16:06:01 Re: duplicate entries on primary key
Previous Message Andrew Kelly 2003-12-08 13:49:38 Truncation on restore