Cookie based authentication

11-16-2010, 10:28 PM
I have a simple web application where nothing really sensitive is stored, no payment info. So super top-level security is not required.

The way it works, a persistent login is the norm (app is often kept open in the background) and after successful login the things I need to keep persistent are user_id and group_id.

My question is, can I just use a cookie in conjunction with a token hash (stored in database) and do everything from that?

COOKIE['token'] = user_id_val+group_id_val+hash_in_db

would look like: 23-144-jhwr8324398fjk2j49083223n23

So all I need is a little function to parse that cookie string and do everything from that. Someone could change the values in their cookie but obviously the hash won't match.

When they do happen to logout-login, I'll update the hash/token.

Does this seem secure enough and reasonably sensible?

11-16-2010, 10:37 PM
Cookies are not a secure way. They can be stolen and used on another computer for authentication. I would recommend using sessions.
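
The scheme from the question, checked server-side with the reply's stolen-cookie concern in mind, as an added example that is not part of either post. Python, the function names and the in-memory `SESSIONS` dict standing in for the database are assumptions.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed stand-in for the database table: user_id -> (group_id, token).
SESSIONS = {}

def issue_cookie(user_id, group_id):
    """On login: store a fresh random token and return the cookie value."""
    token = secrets.token_hex(16)  # unguessable; replaced on every login
    SESSIONS[user_id] = (group_id, token)
    return f"{user_id}-{group_id}-{token}"

def set_cookie_header(value):
    """Cookie string with flags that keep it away from scripts and plain HTTP."""
    c = SimpleCookie()
    c["token"] = value
    c["token"]["httponly"] = True
    c["token"]["secure"] = True
    return c["token"].OutputString()

def check_cookie(value):
    """Return (user_id, group_id) if the cookie matches the stored row, else None."""
    parts = value.split("-", 2)
    if len(parts) != 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts[:2]):
        return None
    user_id, group_id, token = int(parts[0]), int(parts[1]), parts[2]
    row = SESSIONS.get(user_id)
    if row is None:
        return None
    stored_group, stored_token = row
    # Constant-time comparison of the token against the row for this user_id.
    if not hmac.compare_digest(token.encode(), stored_token.encode()):
        return None
    # The token alone does not cover group_id, so compare it to the row too.
    if group_id != stored_group:
        return None
    return user_id, stored_group

def logout(user_id):
    """Delete the stored token so any copy of the cookie stops working."""
    SESSIONS.pop(user_id, None)
```

A copied cookie passes `check_cookie` until the next login or logout replaces or deletes the stored token, which is the replay window the reply points at.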