Cookies

Jaynesh · January 7, 2012, 12:00am

Hello

I currently have a script that uses cookies for validation e.g

UPDATE data WHERE id = $_COOKIE[‘id’]

$_COOKIE[‘id’] being the logged in users id.

Is it possible for a user to simply change the id in their cookies and insert the data using another id?
If so, how can I prevent this?

system · January 7, 2012, 12:18am

Yes it is possible for people to alter values of cookies because cookies are basically a small text file stored on the users pc.

I normally steer away from using cookies, at least for mandatory functionality, because you would have to code a plan B for users with with cookies disabled. For something like what you are using cookies for in this case, storing the data in a session variable is probably better and definitely more secure.

Jaynesh · January 7, 2012, 8:16am

Hi thank you for your response. So on the other hand this would be 100% secure?
UPDATE data WHERE id = $_SESSION[‘id’]

system · January 7, 2012, 8:53am

I don’t see what your update statement is trying to do. What is data - a variable, db table or something else?

Jaynesh · January 7, 2012, 10:03am

Hi its just an exampke

UPDATE table WHERE id = $session SET post=mysql_real_escape_string($post)

Topic		Replies	Views
Cookies security PHP	5	581	December 22, 2011
Is my login script safe using session variables PHP	12	4320	October 8, 2014
PHP Login Vulnerability, perhaps PHP	6	171	January 19, 2010
The relationship between cookies and sessions? PHP	3	3596	October 8, 2014
Cookies or PHP Sessions - Save within MySQL table PHP	13	6266	June 5, 2011

Cookies

Related topics