We don't bite newbies here... much | |
PerlMonks |
Re: Cookie based authentication: Is it secure?by chromatic (Archbishop) |
on Aug 28, 2000 at 03:10 UTC ( [id://29937]=note: print w/replies, xml ) | Need Help?? |
The only thing successfully retrieving a cookie should imply, from a security standpoint, is that, at one time, someone using that particular browser (session, if you're using session cookies) was successfully authenticated. Period.
If I logged in to your site from a public terminal and left the browser open, anyone else could potentially use my cookie. For some applications, this is enough security. For others, you might save a timestamp of the user's last access and require reauthentication if X minutes/hours/days have passed since the last transaction. In general, if you don't store too much information in a cookie and if you realize the implications of what I've said above, this is a decent method of saving state.
In Section
Seekers of Perl Wisdom
|
|