Posts I've Made
Posted 5 Jun 2012

Well, the problem with a session is that it is destroyed when users close their browser. In the case of sites like Facebook, I have noticed that even if you close your browser, you can still go back to your account without logging in. This shows Facebook is using cookies.

I would like to learn how to securely implement cookies in my login system.

My own guess is to:
1) Create a random string when the user logs in and store it in a table.
2) Add the user agent to the random string.
3) Hash the coupled string and store it in a cookie.
4) Store the user_id and hashed string separately in the login table.
5) Every time the user goes to a new page, compare the browser cookie hash string with the database table to see if there was a match.
6) Get the random string from the table, add it to the client's HTTP agent, and check to see if it is the same as the string in the cookie.
7) If everything was a match, then allow the user into the new page.
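
The seven steps above written out in Python, as an added example that is not part of the original post. The in-memory dict standing in for the login table, the function names, and the choice of SHA-256 are assumptions; the logout helper is an addition beyond the seven steps.

```python
import hashlib
import hmac
import secrets

# Stand-in for the login table: cookie hash -> (user_id, random string).
# Constructed for this example; a real system would use a database table.
LOGIN_TABLE = {}


def _cookie_hash(random_string, user_agent):
    # Steps 2-3: append the user agent to the random string and hash the pair.
    data = (random_string + user_agent).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def issue_cookie(user_id, user_agent):
    """Steps 1-4: run once, after a successful password login."""
    random_string = secrets.token_hex(32)  # step 1: 256 bits from a CSPRNG
    cookie_value = _cookie_hash(random_string, user_agent)
    LOGIN_TABLE[cookie_value] = (user_id, random_string)  # step 4
    return cookie_value  # set it with the Secure and HttpOnly attributes


def check_cookie(cookie_value, user_agent):
    """Steps 5-7: run on every page request. Returns the user_id or None."""
    row = LOGIN_TABLE.get(cookie_value)  # step 5: look the hash up
    if row is None:
        return None
    user_id, random_string = row
    # Step 6: rebuild the hash from the stored string and the current agent.
    expected = _cookie_hash(random_string, user_agent)
    if not hmac.compare_digest(expected, cookie_value):
        return None
    return user_id  # step 7: everything matched


def revoke_cookie(cookie_value):
    """Logout: delete the row so the cookie stops working server-side."""
    LOGIN_TABLE.pop(cookie_value, None)
```

The User-Agent header is supplied by the client, so the step 6 comparison only rejects a cookie that arrives with a different browser string than the one seen at login. Deleting the row on logout is what ends the login on the server side.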

Posted 28 Apr 2012

Hi, thanks for the great article. Is there a reason why you have avoided using cookies?