Sessions VS Cookies Part II

  1. #1
    Jordan Ravka Guest

    Sessions VS Cookies Part II

    Is there a security threat if on a members site I use cookies to validate users? When you log in, it checks via a database and issues the cookies...

    Is this a good way to go, or are session variables more secure?

    Also, should I be including the password in their cookie? Or only their username?

    Thanx

  2. #2
    Jason S. Harmon Guest

    RE: Sessions VS Cookies Part II

    Rule #1: Never store a password anywhere outside of the server's scope. Querystrings, cookies, etc., are a bad idea for password persistence. Just pass it into a stored procedure in your DB, and then store the username somewhere. Check for this before allowing a user into the site.

    As far as cookies vs session security: the only detriment in using cookies explicitly is what you store in them (no passwords!). Sessions, per se, are actually just a reference to a unique session ID issued by IIS stored in a cookie on the client's browser.

    So, you are using cookies, no matter what. I've yet to see a foolproof method for identifying users any other way. I think that Sessions are easier to use and maintain, as well as providing a fairly robust interface for managing the variables contained within collections.
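
The session mechanism described in post #2, as an added example that is not part of the original thread: the cookie carries only a random session ID, and the username lives in a server-side table. The `USERS` and `SESSIONS` dictionaries, the cookie name `sid`, the timeout and the sample credentials are constructed assumptions standing in for the database and the IIS session store; Python is used instead of ASP so the example runs stand-alone.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: stands in for the members database.
SALT = secrets.token_bytes(16)
USERS = {"jordan": (SALT, hash_password("correct horse", SALT))}
SESSIONS = {}        # session ID -> (username, expiry); never leaves the server
SESSION_TTL = 1800   # seconds (assumed value)

def login(username, password):
    """Check credentials server-side; return a Set-Cookie value or None."""
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    sid = secrets.token_urlsafe(32)   # random, carries no user data
    SESSIONS[sid] = (username, time.time() + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["sid"] = sid
    for attr, value in (("httponly", True), ("secure", True),
                        ("path", "/"), ("samesite", "Lax")):
        cookie["sid"][attr] = value
    return cookie["sid"].OutputString()

def _sid_from(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar["sid"].value if "sid" in jar else None

def current_user(cookie_header):
    """Resolve the request's Cookie header to a username, or None."""
    sid = _sid_from(cookie_header)
    username, expiry = SESSIONS.get(sid, (None, 0))
    if username is None or time.time() > expiry:
        SESSIONS.pop(sid, None)       # drop expired or unknown IDs
        return None
    return username

def logout(cookie_header):
    """Server-side revocation: the old cookie value stops working."""
    SESSIONS.pop(_sid_from(cookie_header), None)
```

Because the cookie value is only a lookup key, deleting the server-side entry ends the session even if a copy of the cookie still exists in a browser.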

  3. #3
    Jordan Ravka Guest

    RE: Sessions VS Cookies Part II

    Thanx,

    How do the big boys do it.. like mail.yahoo or other member sites?
