Automatic encrypting and decrypting of client session data.
Using the clientsession package, this middleware handles automatic
encryption, decryption, checking, expiration and renewal of whichever
cookies you ask it to. For example, if you tell it to deal with the
cookie "IDENTIFIER", it will do the following:
- When you specify an "IDENTIFIER" value in your Response, it will
encrypt the value, along with the session expiration date and the
REMOTE_HOST of the user. It will then be set as a cookie on the client.
- When there is an incoming "IDENTIFIER" cookie from the user, it will
decrypt it and check both the expiration date and the REMOTE_HOST. If
everything matches up, it will set the "IDENTIFIER" value in
hackHeaders.
- If the client sent an "IDENTIFIER" and the application does not set
a new value, this will reset the cookie to a new expiration date. This
way, you do not have sessions timing out every 20 minutes.
As for security: clientsession itself handles hashing and encrypting
the data to make sure that the user can neither see nor tamper with it.
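
The cookie handling described above, modelled in Python as an added example; it is not the middleware's own Haskell code and does not use clientsession's cipher. The function names, the JSON record layout, the two separate keys and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os

TTL = 20 * 60  # assumed session lifetime in seconds

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in cipher, not clientsession's own.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def seal(enc_key, mac_key, value, remote_host, now):
    """Encrypt value together with its expiry and the client's REMOTE_HOST."""
    plain = json.dumps({"v": value, "exp": now + TTL, "host": remote_host}).encode()
    nonce = os.urandom(16)
    ct = _xor(plain, enc_key, nonce)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def open_cookie(enc_key, mac_key, cookie, remote_host, now):
    """Return the stored value, or None if forged, expired or from another host."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
    except ValueError:
        return None
    if len(raw) < 48:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        return None
    rec = json.loads(_xor(ct, enc_key, nonce))
    if now >= rec["exp"] or rec["host"] != remote_host:
        return None
    return rec["v"]

def handle(enc_key, mac_key, cookie, remote_host, now, new_value=None):
    """One request: returns (value the app sees, cookie to set or None)."""
    seen = open_cookie(enc_key, mac_key, cookie, remote_host, now) if cookie else None
    out = new_value if new_value is not None else seen
    # Re-sealing an unchanged value is the renewal step: same data, fresh expiry.
    fresh = seal(enc_key, mac_key, out, remote_host, now) if out is not None else None
    return seen, fresh
```

A cookie that fails any check is treated exactly like a missing cookie, so the application never sees a value it did not issue to that host within the lifetime.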