Jump to content

[SOLVED] Best practices for user authentication?


Boo-urns

Recommended Posts

one quick thing....

if someone gets a cookie that is good, and uses it, then the system will set another good cookie on their computer....

so then they can keep getting good cookies that will allow them access to the user's info.

Yes...that is the point. But only if "Remember Me" was checked at some point.

Link to comment
Share on other sites

one quick thing....

if someone gets a cookie that is good, and uses it, then the system will set another good cookie on their computer....

so then they can keep getting good cookies that will allow them access to the user's info.

Yes...that is the point. But only if "Remember Me" was checked at some point.

 

I guess, thinking about it....the vulnerability of the system I was using was that if someone stole a good cookie, then they could use that to keep gaining access to the user's info.

 

However, here again with this system, if someone steals a good cookie, they can keep using it to gain access to user's info.  because the system is designed to keep giving them good cookies.

 

there is a small difference in security, that I see, but not much.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.