Browser security

Is it safe to store the user ID in a cookie? Why?

+4
4 answers

It depends on what the identifier is used for.

If it is for authentication, it is a bad idea. I can change it to anything.

You had better keep a nonce, which is updated every so often (every page, if it does not crush your server). Then match this in your database with the authenticated user.

+2

Ok, just make sure you check in this cookie.

+1

If this is for any type of session management or used as a key to access confidential information (password, financial, medical, etc.), you do not want to store it in a cookie - of course, it doesn’t matter.

It is good practice to use a session cookie that is encrypted so that it is difficult to guess, is checked based on a link to the internal server, is updated often (whenever there is a change in security status, for example, switching from HTTP to HTTPS pages), and is canceled when you exit or exit systems to prevent reuse.

+1
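
The answers above describe a cookie that carries an unguessable value which the server maps to the authenticated user, replaces regularly, and cancels on logout. A minimal sketch of that pattern follows; it is an added example, not code from any of the answers, and it uses a random opaque token rather than an encrypted value. The names `SessionStore`, `SESSION_TTL` and the cookie name `sid` are assumptions, and the in-memory dict stands in for the database table.

```python
import hashlib
import secrets
import time

SESSION_TTL = 1800  # assumed idle timeout, in seconds


class SessionStore:
    """In-memory stand-in for the server-side session table (assumption)."""

    def __init__(self, now=time.time):
        self._rows = {}  # sha256(token) -> (user_id, expires_at)
        self._now = now

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked table does not yield usable cookies.
        return hashlib.sha256((token or "").encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._key(token)] = (user_id, self._now() + SESSION_TTL)
        return token

    def lookup(self, token):
        # The cookie never names the user; an edited value simply misses.
        row = self._rows.get(self._key(token))
        if row is None:
            return None
        user_id, expires_at = row
        if self._now() >= expires_at:
            self.revoke(token)
            return None
        return user_id

    def rotate(self, token):
        # Swap the cookie value, e.g. after login or a change in privilege.
        user_id = self.lookup(token)
        if user_id is None:
            return None
        self.revoke(token)
        return self.issue(user_id)

    def revoke(self, token):
        # Called on logout so the old cookie value cannot be reused.
        self._rows.pop(self._key(token), None)


def cookie_header(token):
    # Secure/HttpOnly/SameSite keep the token off plain HTTP and out of scripts.
    return f"Set-Cookie: sid={token}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

Changing the cookie to a guessed value such as `42` returns no user, because only values the server issued exist in the table.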

This is normal. But before you do anything important, ask the user for their password for verification.

-1

Source: https://habr.com/ru/post/1345492/

