Posted by Richard Formby on 02/16/07 10:23
"monomaniac21" wrote
> hi
G'day.
> i have a php site which allows users to save a cookie on their
> computer which stores their user id details and allows them to auto-
> login.
>
> i'm wondering whether this is safe, is it possible for a malicious
> user to find that cookie and change its value and therefore auto-login
> as someone else? and if so how can this be prevented?
How could a "malicious user" gain access to a cookie stored somewhere on
your user's computer, unless they break into your user's house? My
browser regularly asks me if I wish it to "remember" my userid/password
details for next time. Often I tell it to do so.
Then again, your user may be just silly enough to store your cookie on the
public library's computer. Their problem then, IMHO.
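Added example, not part of the original post or of the poster's site: the question concerns a cookie that holds the user id and is trusted for auto-login. One common way to make such a value tamper-evident is to attach an HMAC computed with a server-side secret and verify it before logging anyone in. All names here (SECRET_KEY, COOKIE_NAME, the function names) and the sample values are assumptions made for the illustration.

```php
<?php
// Added illustration with hypothetical names; not code from the thread.
// Assumption: SECRET_KEY is a long random value kept only on the server.
const SECRET_KEY  = 'replace-with-random-secret-loaded-from-config';
const COOKIE_NAME = 'autologin';            // hypothetical cookie name
const LIFETIME    = 60 * 60 * 24 * 30;      // 30 days, in seconds

// Build "userId|expiry|mac"; editing userId or expiry invalidates the mac.
function make_autologin_value(int $userId, int $now): string
{
    $payload = $userId . '|' . ($now + LIFETIME);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the user id if the value is intact and unexpired, otherwise null.
function verify_autologin_value(string $value, int $now): ?int
{
    $parts = explode('|', $value);
    if (count($parts) !== 3) {
        return null;
    }
    [$userId, $expiry, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expiry)) {
        return null;
    }
    $expected = hash_hmac('sha256', $userId . '|' . $expiry, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;
    }
    return ((int) $expiry >= $now) ? (int) $userId : null;
}

// Send the cookie with flags that keep it away from scripts and plain HTTP.
function send_autologin_cookie(int $userId): bool
{
    return setcookie(COOKIE_NAME, make_autologin_value($userId, time()), [
        'expires' => time() + LIFETIME, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demo values: a genuine cookie, then one with the id edited.
$now      = 1700000000;
$genuine  = make_autologin_value(42, $now);
$tampered = '43' . substr($genuine, 2);     // user id changed, mac left as is
var_dump(verify_autologin_value($genuine, $now + 10));
var_dump(verify_autologin_value($tampered, $now + 10));
```

The signature only detects edits to the cookie; a copied, unmodified cookie is still accepted until it expires.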