Preventions against copied cookies

zeez · August 26, 2012, 3:05pm

Hello

I have a php system which relies on cookies to check if the person is already logged-in on that machine or not. The system checks if there’s a related session entry in the database (random key in the db and cookie), and uses some sort of tokens, also stored in another cookie, to authenticate if the the user iD in the cookies has the same token in the related database entry.

What happens is all these cookies are moved to another computer, will they be successfully authencitcated?, if so What can be done to prevent people from copying and pasting all the cookies in another computer on the same network and then being successfully authenticated?

Thanks

SpacePhoenix · August 26, 2012, 8:59pm

If the two computers are on the same network then I don’t think that there is anything that you can do. The only thing close that I can think of is http://php.net/manual/en/function.session-regenerate-id.php make sure you have a good read through the user-contributed notes for that function.

Topic		Replies	Views
PHP & cookies security PHP	1	394	August 29, 2011
Secure Persistent Logins on multiple computers PHP	7	5485	December 1, 2011
Securing my Users Login PHP	18	779	August 19, 2010
Do PHP sessions use cookies in any way? PHP	9	1920	March 4, 2011
Cookies PHP	5	402	October 8, 2014

Preventions against copied cookies

Related topics