
Cookies vs. what?

Posted: Wed May 27, 2009 10:54 am
by JKM
Since there is some lack of security using cookies, what should/could be used instead?

Re: Cookies vs. what?

Posted: Wed May 27, 2009 11:29 am
by jayshields
Depends what you're using cookies for.

Re: Cookies vs. what?

Posted: Wed May 27, 2009 11:36 am
by JKM
Just some simple login-required pages (with some minor access levels).

Re: Cookies vs. what?

Posted: Wed May 27, 2009 12:55 pm
by jayshields
Try sessions (with cookie use disabled).

Re: Cookies vs. what?

Posted: Wed May 27, 2009 1:17 pm
by Benjamin
Moved to PHP - Security

Re: Cookies vs. what?

Posted: Wed May 27, 2009 1:40 pm
by JKM
Oh, thanks astions - forgot about that category.

jay: How should I use something such as "remember me"/"log me in automatically" with sessions?

Re: Cookies vs. what?

Posted: Wed May 27, 2009 3:55 pm
by jayshields
You can't do "remember me" functions properly without using cookies. You could rely on an IP address but they're not the best idea since they can be spoofed easily.

Re: Cookies vs. what?

Posted: Wed May 27, 2009 4:05 pm
by kaisellgren
Cookies were created so that we can achieve this "remember me" effect. If you just need a temporary session, you could store the session in the URI. If you need a "permanent" session, then you should just use cookies, as that is the thing they were ultimately created for. In the future, we will have client-side database systems as proposed in the HTML 5 draft, so we will see what we can do with that.

Can I ask you what kind of lack of security cookies have, or what you are trying to achieve? Usually security issues come from improper handling of tools/features rather than from them lacking security.
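
The "remember me" cookie discussed above, handled so that the cookie carries only a random single-use token: this is an added example, not code from any poster in this thread. The cookie name, the in-memory `$store` (standing in for a database table) and all function names are assumptions, and the `setcookie()` options array needs PHP 7.3 or later.

```php
<?php
// Added example. $store stands in for a database table; every name is illustrative.
const REMEMBER_COOKIE = 'remember_me';
const REMEMBER_TTL = 60 * 60 * 24 * 30; // 30 days

function issueRememberToken(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));  // public lookup key
    $validator = bin2hex(random_bytes(32)); // secret; only its hash is stored
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

function sendRememberCookie(string $token, int $now): bool
{
    return setcookie(REMEMBER_COOKIE, $token, [
        'expires'  => $now + REMEMBER_TTL,
        'path'     => '/',
        'secure'   => true,  // sent over HTTPS only
        'httponly' => true,  // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

function consumeRememberToken(array &$store, string $cookie, int $now): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // single use: a new token is issued after each login
    if ($row['expires'] < $now) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented secret.
    $ok = hash_equals($row['hash'], hash('sha256', $validator));
    return $ok ? $row['user_id'] : null;
}

// Constructed demo: the second call presents an already-used token.
$store = [];
$now   = time();
$token = issueRememberToken($store, 42, $now);
var_dump(consumeRememberToken($store, $token, $now));
var_dump(consumeRememberToken($store, $token, $now));
```

After a successful `consumeRememberToken()`, a login handler would start a fresh session, look up the user's access level on the server, and send a newly issued token with `sendRememberCookie()`.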

Re: Cookies vs. what?

Posted: Fri May 29, 2009 4:11 pm
by VladSun

Re: Cookies vs. what?

Posted: Sat May 30, 2009 9:03 pm
by JKM
Nice, thx mate!