View Full Version : Cookies: Are they unsecure?
01-07-2004, 04:15 AM
01-07-2004, 05:17 AM
On a forum, it will ask you to login. The info will be stored in a cookie. If the user has cookies disabled, it will say they logged in. on the next page and may say they have X amount of new messages, etc. But if they try to view a topic they shouldn't or do anything that a guest couldn't do, it will fail to see that they are logged in when it checks. It may be good practise to avoid using cookies unless you absolutely have to. You may want to make a notice or custom error message saying that cookies are required when you must use them.
01-07-2004, 05:44 AM
Never keep sensitive data in a cookie, and don't rely on support for cookies at all.
If you use PHP sessions it will store a cookie for the sessionid, and all other data will be stored on the server itself. If the client doesn't allow cookies then it will use transient SID - write the sessionid into URLs and forms and carry it between pages in GET or POST information.
01-07-2004, 10:28 AM
I would be interested to see any stats on how many users have cookies enabled/disabled (could not find any at a quick glance) but SecuritySpace.com (http://www.securityspace.com/s_survey/data/man.200312/cookieReport.html) reckon that 18% of sites utilise them , & many sites (wrongly IMO) rely on cookies for shopping carts etc to the extent that the site will not work without them.
All major browsers come with cookies enabled by default though some will disable them, but mostly not I suspect ... as Tail suggests if your site needs them , let the user know!
To check if your site works without cookies simply disable them in your browser preferences and see what happens !
Powered by vBulletin® Version 4.2.2 Copyright © 2015 vBulletin Solutions, Inc. All rights reserved.