  1. #1
    New Coder
    Join Date
    Aug 2003
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Cookies: Are they unsecure?

    I read at php-freaks that cookies aren't enabled on a lot of browsers because they store user information. I use cookies on my site and want to know if this will make it so users on these browsers can't log in at all, or just so they can't use the "stay logged in" function where their login information is stored? And do cookies act exactly like sessions if the user does not decide to use the stay logged in function?

  • #2
    Regular Coder
    Join Date
    Nov 2002
    Posts
    672
    Thanks
    1
    Thanked 1 Time in 1 Post
    On a forum, it will ask you to log in. The info will be stored in a cookie. If the user has cookies disabled, it will say they logged in on the next page and may say they have X amount of new messages, etc. But if they try to view a topic they shouldn't or do anything that a guest couldn't do, it will fail to see that they are logged in when it checks. It may be good practice to avoid using cookies unless you absolutely have to. You may want to make a notice or custom error message saying that cookies are required when you must use them.

  • #3
    Senior Coder
    Join Date
    Jun 2002
    Location
    near Oswestry
    Posts
    4,508
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Never keep sensitive data in a cookie, and don't rely on support for cookies at all.

    If you use PHP sessions it will store a cookie for the sessionid, and all other data will be stored on the server itself. If the client doesn't allow cookies then it will use transient SID - write the sessionid into URLs and forms and carry it between pages in GET or POST information.
    "Why bother with accessibility? ... Because deep down you know that the web is attractive to people who aren't exactly like you." - Joe Clark
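
Added example (not part of the original posts or any poster's code): a minimal PHP login page showing what post #3 describes, with only the session ID in the cookie and user data held server-side, plus the cookies-required notice suggested in post #2. It assumes PHP 7.3+ served over HTTPS, uses a hypothetical `check_credentials()` with a constructed demo account, and turns the URL fallback (`session.use_trans_sid`) off because a session ID carried in a URL is exposed in logs, Referer headers and shared links.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+ and HTTPS.
declare(strict_types=1);

// Session ID travels in a cookie only; never accepted from or written into URLs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
session_set_cookie_params([
    'lifetime' => 0,      // discarded when the browser closes
    'path'     => '/',
    'secure'   => true,   // sent over HTTPS only
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical credential check with a constructed demo account;
// a real site would look the hash up in its user store.
function check_credentials(string $user, string $pass): bool
{
    $hash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
    return hash_equals('demo', $user) && password_verify($pass, $hash);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The form page (GET) already set the session cookie. If it did not come
    // back, cookies are disabled: say so now instead of failing on a later page.
    if (!isset($_COOKIE[session_name()])) {
        http_response_code(400);
        exit('Cookies are required to log in to this site.');
    }
    $user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
    $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
    if (check_credentials($user, $pass)) {
        session_regenerate_id(true); // fresh ID after login (session fixation defence)
        $_SESSION['user'] = $user;   // kept on the server; the cookie holds only the ID
        exit('Logged in.');
    }
    http_response_code(401);
    exit('Invalid login.');
}

// GET: render the form; session_start() above has sent the session cookie.
echo '<form method="post"><input name="user">'
   . '<input name="pass" type="password"><button>Log in</button></form>';
```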

  • #4
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,040
    Thanks
    10
    Thanked 92 Times in 90 Posts
    I would be interested to see any stats on how many users have cookies enabled/disabled (could not find any at a quick glance) but SecuritySpace.com reckon that 18% of sites utilise them, & many sites (wrongly IMO) rely on cookies for shopping carts etc to the extent that the site will not work without them.

    All major browsers come with cookies enabled by default though some will disable them, but mostly not I suspect ... as Tail suggests if your site needs them, let the user know!

    To check if your site works without cookies simply disable them in your browser preferences and see what happens!
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

