Trouble with $_COOKIE

Posted: Fri Aug 28, 2009 2:11 pm
by Chrisaster
I've just been told that I have a security issue in the way I authorise users on my site, but I have no idea what the problem is or how I can fix it. Here is the code I am using for pages that require the user to be logged in:

<?php
    // Gate for pages that require a logged-in user.
    function AuthUser()
    {
        if (isset($_COOKIE["user"]))
        {
            // The username is read straight from the client-supplied cookie.
            $loggedin = $_COOKIE["user"];
        }
        else
        {
            header("Location: /login.php");
        }
    }
?>
I did a quick search for 'PHP cookie exploits' but I couldn't find anything that would help me solve the problem.

Re: Trouble with $_COOKIE

Posted: Fri Aug 28, 2009 2:22 pm
by Darhazer
I can set this cookie myself...
You are not validating the cookie data in any way, and if the data in the cookie is used for authentication, it should contain a temporary key and not the exact username or password, as a cookie is easy to steal. Better use sessions (in that case the cookie will hold only the session id, which is valid only while the session is valid... use the session_regenerate_id function to prevent the session fixation attack).

Re: Trouble with $_COOKIE

Posted: Fri Aug 28, 2009 2:30 pm
by Chrisaster
Darhazer wrote: I can set this cookie myself...
You are not validating the cookie data in any way, and if the data in the cookie is used for authentication, it should contain a temporary key and not the exact username or password, as a cookie is easy to steal. Better use sessions (in that case the cookie will hold only the session id, which is valid only while the session is valid... use the session_regenerate_id function to prevent the session fixation attack).
Thanks, I'll take a look at the session functions now.
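The session-based replacement Darhazer describes, written out as an added example (not code from either poster): the browser cookie carries only the session id, the username lives server-side, the id is regenerated at login, and the redirect is followed by exit so the protected page never renders for an anonymous visitor. It assumes PHP 7.3 or later for the array form of session_set_cookie_params and a hypothetical check_credentials() helper that verifies the password against the user store.

```php
<?php
// Added example, not the original poster's code. check_credentials() is a
// hypothetical helper assumed to verify a username/password pair.
declare(strict_types=1);

function start_secure_session(): void
{
    // The cookie holds only the session id; user data stays on the server.
    session_set_cookie_params([
        'httponly' => true,   // not readable by page scripts
        'secure'   => true,   // only sent over HTTPS
        'samesite' => 'Lax',  // not attached to most cross-site requests
    ]);
    session_start();
}

function login(string $username, string $password): bool
{
    start_secure_session();
    if (!check_credentials($username, $password)) {   // hypothetical helper
        return false;
    }
    // Issue a fresh id when the session gains privileges; an id chosen
    // before login (session fixation) is thereby discarded.
    session_regenerate_id(true);
    $_SESSION['user']       = $username;
    $_SESSION['login_time'] = time();
    return true;
}

// Drop-in replacement for the cookie-based AuthUser() from the first post.
function AuthUser(): string
{
    start_secure_session();
    if (!isset($_SESSION['user'])) {
        header('Location: /login.php');
        exit;   // without exit the rest of the protected page still runs
    }
    return $_SESSION['user'];
}

function logout(): void
{
    start_secure_session();
    $_SESSION = [];
    session_destroy();
}
```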