Results 1 to 2 of 2
Jul 29, 2007, 06:12 #1
Are session cookies secure enough?
Are session cookies secure enough to create private administration areas, or login/logout systems?
Why does IE6 comes with the session cookies option disabled, and, i can make login in forums with it?
Is there another kind of "cookies" besides the "session cookies"?
Until now i used session cookies, writing data on them, using md5 hash to protect them. Am i doing it right?
Jul 29, 2007, 06:52 #2
- Join Date
- Jan 2002
- 0 Post(s)
- 0 Thread(s)
Don't write application data to the cookie. The session cookie just stores the sessionID with the sensitive data being stored in the session on the server (not in a cookie).
They are probably more secure than carrying the sessionID in the URL.