
How safe are cookies?

fjm
Needs Regular Fix
Join Date: May 2007
Location: California
Posts: 348
#1: Jun 24 '08
I need to direct users that are logged in to a sub domain. I guess the absolute only way is with a cookie to carry the session variable.

I have heard that using cookies opens the door to xss. Are cookies the best way to go? Security has to be put first on this project.

Any thoughts would be appreciated.

Thanks,

Frank
realin
Familiar Sight
Join Date: Feb 2007
Posts: 252
#2: Jun 24 '08

re: How safe are cookies?


Storing a session ID, I'm not very sure if it opens a loophole or not.
But for safety you can use an algorithm to secure your session ID,
and concatenate a secret key with the session ID:

    base64(sessionid + special character + secret key)
    and decode it when you have the secret key

You can do lots of stuff to secure the session ID while it lies in the cookie, and delete it when it's done :)
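The scheme above puts the secret key into the cookie behind base64, and base64 is a reversible encoding, not a cipher: whoever holds the cookie can decode it and read the key. What the server actually needs is a way to tell a cookie it issued from one that was altered, and a keyed MAC gives that without the key ever leaving the server. The block below is an added example written for this thread (not code from either poster), in Python. It serves both Frank's question about carrying a login across to a subdomain (the Domain attribute, plus the HttpOnly and Secure flags that keep page scripts, which is where an XSS payload would run, from reading the cookie) and realin's idea of binding the session ID to a secret key. The cookie name `sid`, the domain `.example.com` and the value of `SERVER_SECRET` are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed placeholder. In a real deployment the secret comes from server-side
# configuration and is never written into the cookie.
SERVER_SECRET = b"example-server-secret-change-me"


def new_session_id() -> str:
    """Random, unguessable session ID (256 bits, URL-safe alphabet, no '.')."""
    return secrets.token_urlsafe(32)


def sign_session_id(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Return '<session_id>.<signature>' with signature = HMAC-SHA256(secret, session_id).

    Only the ID and the MAC travel to the browser; the key itself stays on the server.
    """
    mac = hmac.new(secret, session_id.encode(), hashlib.sha256).digest()
    sig = base64.urlsafe_b64encode(mac).rstrip(b"=").decode()
    return f"{session_id}.{sig}"


def verify_session_cookie(value: str, secret: bytes = SERVER_SECRET):
    """Return the session ID if the cookie value was issued by us, else None.

    The MAC is recomputed over the ID part and compared in constant time, so a
    changed ID, a changed signature, or a value signed with another key is rejected.
    """
    session_id, sep, _sig = value.rpartition(".")
    if not sep or not session_id:
        return None
    expected = sign_session_id(session_id, secret)
    if hmac.compare_digest(expected, value):
        return session_id
    return None


def set_cookie_header(value: str, domain: str = ".example.com") -> str:
    """Build the Set-Cookie header that shares the session with every subdomain.

    HttpOnly keeps document.cookie (and so an injected script) from reading it,
    Secure keeps it off plain HTTP, SameSite=Lax limits cross-site sending.
    """
    return (f"Set-Cookie: sid={value}; Domain={domain}; Path=/; "
            "HttpOnly; Secure; SameSite=Lax")


if __name__ == "__main__":
    sid = new_session_id()
    cookie = sign_session_id(sid)
    print(set_cookie_header(cookie))
    print("valid:", verify_session_cookie(cookie) == sid)
    tampered = "x" + cookie[1:]
    print("tampered accepted:", verify_session_cookie(tampered) is not None)
```

The signature proves the server issued the value; it does not stop a copy of the cookie being replayed if it is stolen, which is why the HttpOnly and Secure flags and a short server-side session lifetime matter as much as the MAC. Whatever the server stores against the session ID stays in its own session store; the cookie only carries the ID.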
fjm
Needs Regular Fix
Join Date: May 2007
Location: California
Posts: 348
#3: Jun 25 '08

re: How safe are cookies?


Quote:

Originally Posted by realin

Storing a session ID, I'm not very sure if it opens a loophole or not.
But for safety you can use an algorithm to secure your session ID,
and concatenate a secret key with the session ID:

    base64(sessionid + special character + secret key)
    and decode it when you have the secret key

You can do lots of stuff to secure the session ID while it lies in the cookie, and delete it when it's done :)

Hey Realin, thanks for the advice. I was able to find a little info googling. I have always avoided cookies because I never cared for them but now I find myself in a position where I need to use them.

Your example is exactly what I have done. Hopefully all will be ok. :)

Thanks!

Frank
realin
Familiar Sight
Join Date: Feb 2007
Posts: 252
#4: Jun 26 '08

re: How safe are cookies?


It's always great to see things getting worked out :)