  1. #1
    SitePoint Member

    Cookie Last Modified?

    Hi,
    I'm attempting to upgrade the security on a website of mine, and I'm using cookies to remember a person's login for the next time they visit. I was wondering if there's a way to check when a cookie was last modified, to ensure that people don't copy other people's cookie information into a cookie of their own.

    I did a quick Google search, and couldn't find anything about finding out when a cookie was created or last accessed/modified. Is there a way to do such a thing?

  2. #2
    Jake Arkinstall
    Welcome to the forums.

    You could set a cookie for the date/time the rest of the info was set. To make it really secure, though, your best bet is to ask for a confirmation password when trying to access certain information after a period has passed since they logged in - like you see on major sites, such as eBay.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes it's enough to make that wheel more rounded" - Molona

  3. #3
    SitePoint Member
    "You could set a cookie for the date/time the rest of the info was set"
    Yeah, but the idea behind what I was asking was to have as little information on the cookie as possible. (That was the method that got me thinking about last modified and stuff though)

    Asking for a confirmation password is what I want to avoid with the cookie, and if I was able to check when a cookie was last modified and match it up with a value in my database, that would prevent people from being able to steal cookies AND allow people to stay continuously logged in.

  4. #4
    Jake Arkinstall
    Well, you'll always have to confirm passwords for changes to profile, transactions, etc, unless they logged in within 10 mins, just in case.

    If you use ini_set to set the session.cookie_lifetime, it will send only the session ID in the cookie, and start up the session when the browser is opened within that time.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes it's enough to make that wheel more rounded" - Molona
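
The database-matching idea from post #3, as an added example that is not code from the thread: the cookie carries only a random token, the issue time (the "last modified" value) is kept server-side, and the token is replaced on every use. The in-memory `$tokens` array, the function names and `MAX_AGE` are assumptions standing in for a real table and policy.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for a database table, keyed by selector.
$tokens = [];

const MAX_AGE = 14 * 24 * 3600; // assumed remember-me lifetime: 14 days

// Create a token row and return the value to place in the cookie.
function issue_token(array &$tokens, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));  // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret half, never stored as-is
    $tokens[$selector] = [
        'user_id'   => $userId,
        'hash'      => hash('sha256', $validator),
        'issued_at' => $now, // server-side record of when the cookie was set
    ];
    return $selector . ':' . $validator;
}

// Return [userId, replacementCookie] for a valid cookie, otherwise null.
function redeem_token(array &$tokens, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($tokens[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $tokens[$selector];
    unset($tokens[$selector]); // single use: the row is gone after any attempt
    $expired = ($now - $row['issued_at']) > MAX_AGE;
    if ($expired || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    // Rotate: the browser must store the new value for its next visit.
    return [$row['user_id'], issue_token($tokens, $row['user_id'], $now)];
}

// Constructed walk-through: a copied cookie loses to the first one redeemed,
// and a token older than MAX_AGE is refused.
$t0     = 1700000000;
$cookie = issue_token($tokens, 42, $t0);
$first  = redeem_token($tokens, $cookie, $t0 + 3600);
$replay = redeem_token($tokens, $cookie, $t0 + 3700);
$late   = redeem_token($tokens, $first[1], $t0 + 3600 + MAX_AGE + 1);
var_dump($first[0], $replay, $late);
```

A copied cookie that is redeemed before the owner's next visit is still accepted, which is why the confirmation password for sensitive actions mentioned in the replies remains useful alongside this.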

