Re: Cookie based authentication: Is it secure?


Syntactic Confectionery Delight
	PerlMonks

Re: Cookie based authentication: Is it secure?

by Ovid (Cardinal)

on Aug 28, 2000 at 01:16 UTC ( [id://29932]=note: print w/replies, xml )

Need Help??

⭐ in reply to Cookie based authentication: Is it secure?

The header information with a cookie can look something like the following:

Set-Cookie: user_id:dajohn13; domain=.somedomain.com; path=/cgi-bin;
            expires=Sat, 01-Apr-2003 11:30:00 GMT; secure
[download]

That is sent as plain text, which is not secure. Whatever values you set for the cookie can then be sniffed, so sensitive information shouldn't be passed this way.

In the example above, the secure parameter is used, which means that the browser will not return the cooking unless you are using a secure URL with the https protocol. That should provide adequate security and will make your scripts much safer if you plan to use cookies.

Comment on Re: Cookie based authentication: Is it secure? Download Code

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://29932]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others wandering the Monastery: (4)

As of 2024-04-24 21:11 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found