 |  |  |  |  |  |  |  |
Cookies
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
•
•
Join Date: Nov 2008
Posts: 91
Reputation: 
Solved Threads: 9
Junior Poster in Training
Hi
So... I've been reading up a little bit about cookies and security. Only to find that you should encrypt the data in them and that they can be hacked by using javascript code.
Is this really the only way to hack/steal cookies? In my quest to create a safe login system I would use cookies for storing a token (encrypted), because unlike sessions, one cannot "ride" the session with the ID. You would have to hack/steal the cookie and duplicate it.
So basically I want to know if all I have to protect my cookies from is XSS, by filtering the URI input.
Thanks
So... I've been reading up a little bit about cookies and security. Only to find that you should encrypt the data in them and that they can be hacked by using javascript code.
Is this really the only way to hack/steal cookies? In my quest to create a safe login system I would use cookies for storing a token (encrypted), because unlike sessions, one cannot "ride" the session with the ID. You would have to hack/steal the cookie and duplicate it.
So basically I want to know if all I have to protect my cookies from is XSS, by filtering the URI input.
Thanks
Not entirely related to your question, but when writing my login script, I record the IP address from which a user accesses their account when they chose to be remembered (i.e. use a cookie). Then, you verify that not only does the encrypted key match what you have stored for them, but so does the IP address from which they're accessing your site.
Obvious, I realise, but thought I'd mention it in case you hadn't thought to do this too.
R.
Obvious, I realise, but thought I'd mention it in case you hadn't thought to do this too.
R.
|
Similar Threads
- Netscape 7.1, Hotmail login problem - cookies 'disabled" (Windows NT / 2000 / XP)
- Where do Cookies come from? (Web Browsers)
- how can i used session and cookies ??? (PHP)
- Help me trouble with saving cookies win xp (Windows NT / 2000 / XP)
- Troubles with cookies win. xp (Windows NT / 2000 / XP)
- Cookies makers? (HTML and CSS)
Other Threads in the PHP Forum
- Previous Thread: html to pdf conversion problem
- Next Thread: form name and loop
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
# 5.2.10 action address apache api array auto autoincrement beginner binary broken cakephp checkbox class classes cms code cron curl database date dehasher destroy display dissertation domain dynamic echo echo$_get[x]changingitintovariable... email error errorlog fatalerror file files folder form forms function functions google href htaccess html if-else image images include insert ip javascript joomla legislation limit link load login mail masterthesis menu mlm multiple mysql mysqlquery oop open paypal pdf persist php popup problem query radio random record recursion remote script search server sessions sms sockets source space sql syntax system table tutorial update upload url validator variable video web youtube
