  1. #1
    Regular Coder
    Join Date: Aug 2002 | Posts: 151 | Thanks: 0 | Thanked 0 Times in 0 Posts

    Cookie based authentication

    I have a simple web application where nothing really sensitive is stored, no payment info. So super top-level security is not required.

    The way it works, a persistent login is the norm (the app is often kept open in the background), and after successful login the things I need to keep persistent are user_id and group_id.

    My question is: can I just use a cookie in conjunction with a token hash (stored in the database) and do everything from that?

    COOKIE['token'] = user_id_val+group_id_val+hash_in_db

    would look like: 23-144-jhwr8324398fjk2j49083223n23

    So all I need is a little function to parse that cookie string and do everything from that. Someone could change the values in their cookie but obviously the hash won't match.

    When they do happen to log out and log back in, I'll update the hash/token.

    Does this seem secure enough and reasonably sensible?
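
The cookie scheme described in this post (user_id, group_id and a per-login token joined with "-"), sketched as an added example that is not part of the original post. The in-memory `USERS` table, the function names, the token length limits and the choice to store only a SHA-256 of the token server-side are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Constructed stand-in for the users table: user_id -> group_id and the
# SHA-256 of the current login token (the raw token lives only in the cookie).
USERS = {23: {"group_id": 144, "token_sha256": None}}

# The ids are digits only, so the token itself may safely contain "-".
COOKIE_RE = re.compile(r"([0-9]{1,10})-([0-9]{1,10})-([A-Za-z0-9_-]{20,128})")


def _digest(token):
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_cookie(user_id):
    """Call on successful login: rotate the token and build the cookie value."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    USERS[user_id]["token_sha256"] = _digest(token)
    return f"{user_id}-{USERS[user_id]['group_id']}-{token}"


def revoke(user_id):
    """Call on logout: the old cookie stops validating immediately."""
    USERS[user_id]["token_sha256"] = None


def verify_cookie(value):
    """Return (user_id, group_id) taken from the database record, or None."""
    m = COOKIE_RE.fullmatch(value or "")
    if m is None:
        return None  # malformed: missing field, non-numeric id, odd characters
    user_id, group_id, token = int(m.group(1)), int(m.group(2)), m.group(3)
    row = USERS.get(user_id)
    if row is None or row["token_sha256"] is None:
        return None  # unknown user, or logged out
    # Constant-time comparison so response timing does not leak the digest.
    if not hmac.compare_digest(_digest(token), row["token_sha256"]):
        return None
    if group_id != row["group_id"]:
        return None  # cookie claims a group the database does not confirm
    return user_id, row["group_id"]
```

When the cookie is set, the `Secure` and `HttpOnly` attributes keep the value off plain HTTP and out of reach of page scripts.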

  • #2
    poyzn, Regular Coder
    Join Date: Nov 2010 | Posts: 266 | Thanks: 2 | Thanked 61 Times in 61 Posts
    Cookies are not a secure way. They can be stolen and used on another computer for authentication. I would recommend using sessions.

