Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cookie security

Status
Not open for further replies.
Crundy

Crundy

Programmer
Jul 20, 2001
305
GB
Hello,
Is it secure, after authenticating someone, to send them a session cookie containing their username which subsequent pages can then use to see if they have logged on or not, and who they are?

Could someone else just set a cookie with username="whoever" and set the domain to your domain, then just browse your protected pages? Is it possible for someone to trick your server into thinking that a cookie set elsewhere was set by your server? C:\DOS:>
C:\DOS:>RUN
RUN DOS RUN!!
 
Sort by date Sort by votes
Crundy -

This used to be possible, but I don't know about if it still is (with the newer browsers).

I would say that you'd want to encrypt the contents of the cookie with a key you keep on your site (don't store the key in Javascript, of course).

Chip H.
 
Upvote 0 Downvote
I had a conversation with others about this topic in the ASP forum. See thread333-228857 for details C:\DOS:>
C:\DOS:>RUN
RUN DOS RUN!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

gbayi_omo
  • Locked
  • Question
Cisco ASA 5505 not allowing access to highest security zone
Replies
0
Views
121
gbayi_omo
gbayi_omo
abhi21
  • Locked
  • Question
Interesting article on Cyber Security
Replies
0
Views
114
abhi21
abhi21
jfp23
  • Locked
  • Question
Site to Site VPN Security
Replies
2
Views
147
PScottC
PScottC
cisco222
  • Locked
  • Question
CCNA security exam
Replies
0
Views
106
cisco222
cisco222
Architeqt
  • Locked
  • News
Boston Bombers and todays security infrastructure
Replies
0
Views
97
Architeqt
Architeqt

Part and Inventory Search

Sponsor

Back
Top