sanders
Reputation: 10888
Combining cookies and sessions
This question Is a result of various questions I had today about cookies.
As you know it's not save to handle the login process with cookies.
But how can I set a cookie when I am logged in and to be automatically loggedon when I restart my browser?
If I redirect based on the existense of the cookie this is dangerous as someone else could just create a cookie. So what's the way to deal with this?
Upvotes: 3
Views: 2035
Answers (1)
Paul Dixon
Reputation: 300825
Yes, an auto-login cookie does present a vulnerability, but you can mitigate some of these with various techniques, such as ensuring a cookie value can only be used once.
For more details, take a look at
And see these other fine StackOverflow answers
- PART I: How To Log In
- PART II: How To Remain Logged In - The Infamous "Remember Me" Checkbox
- PART III: Using Secret Questions
- PART IV: Forgotten Password Functionality
- PART V: Checking Password Strength
- PART VI: Much More - Or: Preventing Rapid-Fire Login Attempts
- PART VII: Distributed Brute Force Attacks
Upvotes: 5
Related Questions
- Cookies and sessions
- Including Session and Cookie at the firs time in php
- php session and cookies
- Replacing Session with Cookie
- Working with sessions and cookies in PHP
- Using a combination of SESSION Vars and COOKIE Vars in PHP
- PHP Session sharing
- php sessions and cookies
- Sessions and cookies
- Session and cookie in same PHP file?