SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Addict Mr Jojo's Avatar
    Join Date
    May 2007
    Posts
    322
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Are session cookies secure enough?

    Are session cookies secure enough to create private administration areas, or login/logout systems?

    Why does IE6 comes with the session cookies option disabled, and, i can make login in forums with it?

    Is there another kind of "cookies" besides the "session cookies"?

    Until now i used session cookies, writing data on them, using md5 hash to protect them. Am i doing it right?

    Thanks!

  2. #2
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Don't write application data to the cookie. The session cookie just stores the sessionID with the sensitive data being stored in the session on the server (not in a cookie).

    They are probably more secure than carrying the sessionID in the URL.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •