Cookie Security Question
Posted: Fri Sep 11, 2009 1:03 pm
If I use the following code to create a cookie to remember the logged-in user...
Code:
setcookie("user_id", $user, time()+3600);
$user is the user's id number. When they revisit the site, we'll use that cookie to auto-log them in.
What are the security vulnerabilities here? Usually in cookie security discussions, people go into depth about XSS, but what about a user trying to log in as a different user? Can't that cookie be fabricated?
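Added example, not part of the original post: a cookie that holds only the user id can be set to any value by the client, so the server needs a value it can verify. The code below signs the id and expiry with an HMAC and checks both on return. The key constant, the cookie name `remember`, the function names and the sample ids are assumptions made for illustration; it assumes PHP 7.3 or later.

```php
<?php
// Assumption: a server-side secret loaded from configuration, never sent to the client.
const COOKIE_KEY = 'constructed-demo-key-use-32-random-bytes-instead';

// Build "id|expiry|mac"; the MAC binds the user id to its expiry time.
function make_remember_token(int $userId, int $expires, string $key): string
{
    $payload = $userId . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $key);
}

// Return the user id if the token is authentic and unexpired, otherwise null.
function verify_remember_token(string $token, int $now, string $key): ?int
{
    $parts = explode('|', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$id, $expires, $mac] = $parts;
    if (!ctype_digit($id) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', $id . '|' . $expires, $key);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    return ((int)$expires >= $now) ? (int)$id : null;
}

// Constructed demo values.
$now   = time();
$token = make_remember_token(42, $now + 3600, COOKIE_KEY);

// In a request handler the token would be sent with restrictive attributes:
// setcookie('remember', $token, ['expires' => $now + 3600, 'secure' => true,
//                                'httponly' => true, 'samesite' => 'Lax']);

// Case 1: the token exactly as issued.
var_dump(verify_remember_token($token, $now, COOKIE_KEY));
// Case 2: the id field changed in the cookie, MAC left as it was.
var_dump(verify_remember_token('43' . substr($token, 2), $now, COOKIE_KEY));
// Case 3: the issued token presented after its expiry time.
var_dump(verify_remember_token($token, $now + 7200, COOKIE_KEY));
```

A signed token stops fabrication but a copied one still works until it expires; a random token stored server-side and looked up on each visit can also be revoked.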