This question is a result of various questions I had today about cookies.
As you know it's not safe to handle the login process with cookies.
But how can I set a cookie when I am logged in and be automatically logged on when I restart my browser?
If I redirect based on the existence of the cookie this is dangerous as someone else could just create a cookie. So what's the way to deal with this?
From stackoverflow
-
Yes, an auto-login cookie does present a vulnerability, but you can mitigate some of these with various techniques, such as ensuring a cookie value can only be used once.
For more details, take a look at
And see these other fine StackOverflow answers
- PART I: How To Log In
- PART II: How To Remain Logged In - The Infamous "Remember Me" Checkbox
- PART III: Using Secret Questions
- PART IV: Forgotten Password Functionality
- PART V: Checking Password Strength
- PART VI: Much More - Or: Preventing Rapid-Fire Login Attempts
- PART VII: Distributed Brute Force Attacks
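
The "cookie value can only be used once" mitigation mentioned in the answer, sketched as an added example that is not part of the original answer. The class name `RememberMeStore`, the `selector:validator` cookie layout, the in-memory dict standing in for a database table, and the 30-day lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_LIFETIME = 30 * 24 * 3600  # assumed 30-day lifetime, in seconds


class RememberMeStore:
    """In-memory stand-in for a server-side token table (hypothetical)."""

    def __init__(self):
        # selector -> (user_id, sha256(validator), expires_at)
        self._rows = {}

    def issue(self, user_id, now=None):
        """Create a fresh random token; return the value to put in the cookie."""
        now = time.time() if now is None else now
        selector = secrets.token_urlsafe(12)   # lookup key, not secret
        validator = secrets.token_urlsafe(32)  # secret half, only its hash is stored
        digest = hashlib.sha256(validator.encode()).hexdigest()
        self._rows[selector] = (user_id, digest, now + TOKEN_LIFETIME)
        return f"{selector}:{validator}"

    def redeem(self, cookie_value, now=None):
        """Return (user_id, replacement_cookie), or None if the cookie is invalid.

        A row is deleted as soon as it is looked up, so a cookie value works
        at most once: a forged, replayed or expired value logs nobody in.
        """
        now = time.time() if now is None else now
        selector, sep, validator = (cookie_value or "").partition(":")
        if not sep:
            return None
        row = self._rows.pop(selector, None)  # consumed whether or not it matches
        if row is None:
            return None
        user_id, digest, expires_at = row
        presented = hashlib.sha256(validator.encode()).hexdigest()
        # Constant-time comparison of the stored and presented hashes.
        if now > expires_at or not hmac.compare_digest(presented, digest):
            return None
        return user_id, self.issue(user_id, now)
```

On a successful `redeem`, the application sets the replacement value as the new cookie (with the `Secure` and `HttpOnly` attributes) and starts a normal session; the mere existence of a cookie never grants access.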