How Safe is Codeigniter Sessions

How Safe is Codeigniter Sessions

El Forum
Guest

#15

10-02-2012, 07:21 AM

[eluser]keevitaja[/eluser]
[quote author="WanWizard" date="1349160958"]
The idea behind the token store is that you can detect that the remember_me cookie was stolen and used by someone else because the login by the hacker has caused the token to rotate, so your original cookie has a valid token, but not the last one issued.
[/quote]

will this work, if "remember me" can be set from more than one computer?

and which one is better approach:

- store users id in the cookie
- store users username in the cookie
- store the id from the "remember me" table

and ofcause hash and token as well.

Messages In This Thread

How Safe is Codeigniter Sessions - by El Forum - 09-23-2012, 11:31 AM

How Safe is Codeigniter Sessions - by El Forum - 09-23-2012, 01:23 PM

How Safe is Codeigniter Sessions - by El Forum - 09-24-2012, 01:16 PM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 05:10 AM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 05:57 AM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 09:27 AM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 12:08 PM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 02:22 PM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 02:38 PM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 05:41 PM

How Safe is Codeigniter Sessions - by El Forum - 09-25-2012, 10:58 PM

How Safe is Codeigniter Sessions - by El Forum - 09-26-2012, 04:17 AM

How Safe is Codeigniter Sessions - by El Forum - 10-01-2012, 03:04 PM

How Safe is Codeigniter Sessions - by El Forum - 10-01-2012, 11:55 PM

How Safe is Codeigniter Sessions - by El Forum - 10-02-2012, 07:21 AM