Native sessions or CI sessions.
#4

[eluser]WanWizard[/eluser]
Be very careful with a remember-me cookie.

It is essentially a replacement credential, if I can hijack that, I don't need a session cookie or someone's userid and password. It will log me in as the user I stole it from, no questions asked!

Use a random token, store that in the user record, and encrypted in your remember-me cookie, preferably with IP address and/or user agent string. Every time the cookie is used, generate a new random token, and update the cookie.

P.S. And don't forget to use a random salt when using encryption.


Messages In This Thread
Native sessions or CI sessions. - by El Forum - 04-02-2011, 12:03 PM


