Just how to make use of cookies in a safe and secure fashion to confirm customers?

Most of the times I such as making use of cookies to bear in mind returning customers to my internet sites.

In my early/foolish days, I would certainly store a UserID (auto-increment integer) in a cookie and also if the customer returned I would certainly make use of that cookie value to log them in instantly. This was a negative suggestion due to the fact that a person can conveniently modify the cookie to make use of a various integer and also visit as somebody else.

Is it ok to store a UserID in this very same fashion if the UserID is a GUID?

What are the most effective techniques for saving "remember me" cookies?

2019-05-04 09:34:05
Source Share
Answers: 2

Save 2 cookies :

  • UserId : has the customer id
  • Password : has the SHA1 of the customer's password

Very very easy and also safe and secure. Remember the HttpOnly attribute.

2019-05-08 00:44:25

You need to take into consideration making use of sessions to manage this type of circumstance.

Procedure usually function by creating an one-of-a-kind GUID for the customer's authentication and also waiting in a cookie on the customer's neighborhood equipment or passing it about, from web page to web page, via the URL.

This session GUID indicate a documents or data source access on the web server that can after that read and also contacted by your resource code, by linking the GUID in the customer's cookie/URL with the GUID of the documents or data source access that holds your data.

It's usually secure to place extra delicate data (such as the customer ID ) in sessions as absolutely nothing shows up throughout customer other than the session GUID.

The majority of online languages will certainly have some type of session monitoring constructed in.

2019-05-07 23:59:48