Re: is it safe to store a cookie user id as a login for my site
- From: "Richard Formby" <newsgroups@xxxxxxxxxxxxxxx>
- Date: Fri, 16 Feb 2007 10:23:29 GMT
"monomaniac21" wrote
hi
G'day.
i have a php site which allows users to save a cookie on their
computer which stores their user id details and allows them to auto-
login.
i'm wondering whether this is safe, is it possible for a malicious
user to find that cookie and change its value and therefore auto-login
as someone else? and if so how can this be prevented?
How could a "malicious user" gain access to a cookie stored somewhere in
your your users computer, unless they break into your users house? My
browser regularly asks me if I wish it to "remember" my userid/password
detailss for next time. Often I tell it to do so.
Then again your user may be just silly enough to store your cookie on the
public libraries computer. Their problem then IMHO.
.
- Follow-Ups:
- Re: is it safe to store a cookie user id as a login for my site
- From: Gordon Burditt
- Re: is it safe to store a cookie user id as a login for my site
- From: monomaniac21
- Re: is it safe to store a cookie user id as a login for my site
- References:
- is it safe to store a cookie user id as a login for my site
- From: monomaniac21
- is it safe to store a cookie user id as a login for my site
- Prev by Date: Re: Random Map Generation
- Next by Date: Re: is it safe to store a cookie user id as a login for my site
- Previous by thread: is it safe to store a cookie user id as a login for my site
- Next by thread: Re: is it safe to store a cookie user id as a login for my site
- Index(es):
Relevant Pages
|
