Hi i have a membership system on my site and i noticed a problem that is on my site. The user can change the a cookie information which holds the users id, after that the user can be logged in as a different user by changing the id, i was wondering how i can avoid this problem, i don't need any code by the way just a idea to help stay away from this issue.
nick3592
0
Light Poster
Recommended Answers
Jump to PostThat's why I try to avoid cookies except to hold generic information that the scripts only reference or if they do require, cross-reference before using (e.g. it stores username/id/joined-date (unix timestamp, makes it incredibly hard to guess), check to see if all 3 pieces match up, if not, log them …
All 2 Replies
Reply to this topic
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.