Cookie security question

Results 1 to 4 of 4

Thread: Cookie security question

  1. #1
    Join Date
    Dec 1969

    Default Cookie security question

    I&#039;m trying to lessen the burden on the database on my site ( ) by using cookies to store the user&#039;s username & other info while on the site instead of checking a querystring (containing userid and password) against the database on every page.<BR><BR>Now what exactly would prevent a knowledgeable visitor from going into the cookie text file and changing his userid to someone else&#039;s? Even if I store a password there and compare it against a password being passed constantly through a querystring, if he changes both instances of the password, he&#039;ll effectively be someone else, since his info is only checked against the database when he first logs in.<BR><BR>Is there a more secure way of using cookies than this? How do other sites do it?<BR>

  2. #2
    saskia laroo Guest

    Default RE: Cookie security question

    you could encrypt the info that you&#039;re putting into the cookie and decrypt it when you pull it out

  3. #3
    Join Date
    Dec 1969

    Default RE: Cookie security question

    Why not do this:<BR><BR>on your default page check for session loggedon var if false then check for cookie info if have some then hit db up to match userid & password from db. If match set session var to loggedon. If no cookie value then ask for userid and password, save if check against db ok and user requests save info, set session logged on ok also. On each page check session loggedon if true then ok else redirect to default page?

  4. #4
    Jason Guest

    Default RE: Cookie security question

    Krank is absolutely correct. By the way, i would start using method="post" instead of querystring. If you need any help with coding the sessions and cookies, just ask. I have a quick template i can show ya.<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts