Posted by juglesh on 12/16/05 22:31
Cliff Smith wrote:
> Thirdly, NEVER use cookies to check whether someone has logged in, as
> these are client-side, and easily forged....
Yabbutt...So? They'd have to know what to forge. If you store the
password in a cookie, the intruder would have to have access to the
user's 'puter. Session is stored in a cookie or the query string, so
how is that different?
I don't have a lot of experience with sessions, so I'd appreciate a
schooling if necessary.
--
j