Reply to Re: is it safe to store a cookie user id as a login for my site — PHP Programming Language

Posted by Richard Formby on 02/16/07 10:23

"monomaniac21" wrote
> hi

G'day.

> i have a php site which allows users to save a cookie on their
> computer which stores their user id details and allows them to auto-
> login.
>
> i'm wondering whether this is safe, is it possible for a malicious
> user to find that cookie and change its value and therefore auto-login
> as someone else? and if so how can this be prevented?

How could a "malicious user" gain access to a cookie stored somewhere in
your your users computer, unless they break into your users house? My
browser regularly asks me if I wish it to "remember" my userid/password
detailss for next time. Often I tell it to do so.

Then again your user may be just silly enough to store your cookie on the
public libraries computer. Their problem then IMHO.

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация