http://qs321.pair.com?node_id=11114936


in reply to Re^3: Grab username from WP Cookie
in thread Grab username from WP Cookie

I am surprised to hear that. I can understand the functional benefit and the desire and effort to make it as secure as possible but I reject leaving data on the client and passing it in headers that have to go through various proxies and app forwarding and such especially where HTTPS is not completely enforced.

Replies are listed 'Best First'.
Re^5: Grab username from WP Cookie
by haukex (Bishop) on Apr 02, 2020 at 18:02 UTC
    I reject leaving data on the client and passing it in headers that have to go through various proxies and app forwarding and such especially where HTTPS is not completely enforced.

    Sure, that's definitely a concern. Personally all I store in the session is some identifier, like the username, and keep the rest on the server. (I posted some sample code at 11114043 and 11114542).

Re^5: Grab username from WP Cookie
by Anonymous Monk on Apr 02, 2020 at 02:14 UTC

    I am surprised to hear that. I can understand the functional benefit and the desire and effort to make it as secure as possible but I reject leaving data on the client and passing it in headers that have to go through various proxies and app forwarding and such especially where HTTPS is not completely enforced.

    But its not even "as secure as possible". The cookies are merely signed, they're not encrypted.