|
Posted by Alexey Kulentsov on 12/09/39 11:26
rushik wrote:
> We have created a business portal for our organization. The technology
> used for that is LAMP.
>
> Our major access management system of the portal is based on cookies.
> we set some user level cookies at the time of login; using these
> cookies we provide access of our pages to user.
Sessions, only sessions. You can have security hole here. If user
know values for cookies he can set it without logging.
> The problem is, sometimes after login process we are getting fatal
> errors due to cookies, because of cookies are not set and our files
> checking for the that. But the problem we can resolve after cleaning
> history, cookies, temp internet files in IE.
>
> I am still not getting the problem and our ad-hoc solution. everytime
> we get this problem we simply cleanup the history, cookies and delete
> temporary internet files, and system starts working perfectly again.
>
> Can anyone explain what exactly is happning ?
First of all, check FF and Opera. I think this is IE problem -
sometimes it's lost cookies. It can be difference in understanding
cookie path and site, it can be cookie limit by count or size or
something else. In any case then user is logged you must use session
instead of set of cookies.
[Back to original message]
|