premiso Posted January 21, 2009

> one quick thing.... if someone gets a cookie that is good, and uses it, then the system will set another good cookie on their computer.... so then they can keep getting good cookies that will allow them access to the user's info.

Yes...that is the point. But only if "Remember Me" was checked at some point.

limitphp Posted January 21, 2009

> > one quick thing.... if someone gets a cookie that is good, and uses it, then the system will set another good cookie on their computer.... so then they can keep getting good cookies that will allow them access to the user's info.
>
> Yes...that is the point. But only if "Remember Me" was checked at some point.

I guess, thinking about it....the vulnerability of the system I was using was that if someone stole a good cookie, then they could use that to keep gaining access to the user's info. However, here again with this system, if someone steals a good cookie, they can keep using it to gain access to user's info, because the system is designed to keep giving them good cookies. There is a small difference in security, that I see, but not much.
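
The cookie rotation the two posts discuss, as an added example that is not code from the thread: a remember-me store that hands out a fresh cookie on every use and revokes the login when an already-rotated cookie is presented again. The series-plus-token cookie layout, the class `RememberMeStore` and its method names are assumptions made for illustration; the thread's own scheme is not shown on this page.

```php
<?php
// Added example: in-memory stand-in for a remember-me table (series => row).
// Class and method names are hypothetical, not from the thread.
final class RememberMeStore
{
    private array $rows = [];

    // Called at login when "Remember Me" is checked; returns the cookie value.
    public function issue(int $userId): string
    {
        $series = bin2hex(random_bytes(16));
        return $this->rotate($series, $userId);
    }

    // Validates a cookie. On success returns [userId, newCookie];
    // on failure returns null. A known series with a wrong token means an
    // already-rotated cookie was replayed, so the whole series is revoked.
    public function redeem(string $cookie): ?array
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2 || !isset($this->rows[$parts[0]])) {
            return null;                       // malformed or unknown series
        }
        [$series, $token] = $parts;
        $row = $this->rows[$series];
        if (!hash_equals($row['hash'], hash('sha256', $token))) {
            unset($this->rows[$series]);       // replay detected: revoke
            return null;
        }
        return [$row['user'], $this->rotate($series, $row['user'])];
    }

    private function rotate(string $series, int $userId): string
    {
        $token = bin2hex(random_bytes(32));
        // Only a hash of the token is stored server-side.
        $this->rows[$series] = ['user' => $userId, 'hash' => hash('sha256', $token)];
        return $series . ':' . $token;
    }
}

// Constructed scenario: the same cookie ends up in two browsers.
$store    = new RememberMeStore();
$cookie   = $store->issue(42);          // user logs in with "Remember Me"
[, $next] = $store->redeem($cookie);    // first presenter receives a fresh cookie
var_dump($store->redeem($cookie));      // the stale copy is presented again
var_dump($store->redeem($next));        // the rotated cookie, after the replay
```

With this layout a copied cookie stays usable only until the other holder presents the stale one; at that point the series is deleted and both parties must log in with the password again.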