Thread: Cookie based authentication
11-16-2010, 09:28 PM #1
Cookie based authentication
I have a simple web application where nothing really sensitive is stored, no payment info. So super top-level security is not required.
The way it works, a persistent login is the norm (app is often kept open in the background) and after successful login the things I need to keep persistent are user_id and group_id.
My question is: can I just use a cookie in conjunction with a token hash (stored in database) and do everything from that?
COOKIE['token'] = user_id_val+group_id_val+hash_in_db
would look like: 23-144-jhwr8324398fjk2j49083223n23
So all I need is a little function to parse that cookie string and do everything from that. Someone could change the values in their cookie but obviously the hash won't match.
When they do happen to log out and log in, I'll update the hash/token.
Does this seem secure enough and reasonably sensible?
11-16-2010, 09:37 PM #2
Cookies are not a secure way. They can be stolen and used on another computer for authentication. I would recommend using sessions.
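The parse-and-check function described in post #1, as an added example that is not part of the original thread. It shows that matching the token alone does not cover group_id, so the server compares it with (and returns) the stored value. Assumptions: the `TOKENS` dict stands in for the database table, the function names are hypothetical, and the token is 32 hex characters.

```python
import hmac
import re
import secrets

# Constructed stand-in for the database table: user_id -> (group_id, token).
TOKENS = {}

# Assumed cookie layout "user_id-group_id-token", token = 32 lowercase hex chars.
COOKIE_RE = re.compile(r"([0-9]{1,10})-([0-9]{1,10})-([0-9a-f]{32})")


def issue_cookie(user_id, group_id):
    """On login: store a fresh random token and return the cookie value.

    Overwriting the stored token invalidates any cookie issued earlier.
    """
    token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    TOKENS[user_id] = (group_id, token)
    return f"{user_id}-{group_id}-{token}"


def authenticate(cookie_value):
    """Return (user_id, group_id) taken from the server record, or None."""
    match = COOKIE_RE.fullmatch(cookie_value or "")
    if match is None:
        return None  # malformed or missing cookie
    user_id, group_id, token = int(match[1]), int(match[2]), match[3]
    record = TOKENS.get(user_id)
    if record is None:
        return None  # unknown user, or logged out
    stored_group, stored_token = record
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(token, stored_token):
        return None
    # The token does not cover group_id: an edited group_id would still carry
    # a matching token, so it must equal the value stored on the server.
    if group_id != stored_group:
        return None
    return user_id, stored_group


def logout(user_id):
    """Drop the stored token so the old cookie stops working."""
    TOKENS.pop(user_id, None)
```

A copied cookie still authenticates until the token is replaced or removed, which is the theft risk raised in reply #2; rotation on login and deletion on logout bound how long it stays usable.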