Validate Cookies Using Validation Class
#1

[eluser]Jim Higgins[/eluser]
I have a form which sets several cookies upon submission. All of my fields are validated upon submission using the Validation class. However, when I access the data in the cookies later, I would like to, once again, validate the data in those cookies to ensure that the cookies have not been hijacked and the data modified somehow.

Is there a way to validate cookies using the Validation class just like you validate post data?

Is this a reasonable fear--that the data may have changed--and is it reasonable to want to revalidate the data in the cookies even though the cookies were set using the validated post data?

Thanks in advance!
#2

[eluser]TheFuzzy0ne[/eluser]
[quote author="Jim Higgins" date="1209179924"]I have a form which sets several cookies upon submission. All of my fields are validated upon submission using the Validation class. However, when I access the data in the cookies later, I would like to, once again, validate the data in those cookies to ensure that the cookies have not been hijacked and the data modified somehow.

Is there a way to validate cookies using the Validation class just like you validate post data?

Is this a reasonable fear--that the data may have changed--and is it reasonable to want to revalidate the data in the cookies even though the cookies were set using the validated post data?

Thanks in advance![/quote]

Why not just use cookies to store the user's session ID etc... and stick with storing any other data on the server's PHP session for the user? That is much more secure, and only gives you a single cookie to take care of, which is managed by the core anyway. It also means that less data is being passed to and from the server.

I'm sure you already know this, but cookies are only able to hold a small amount of data (4KB). Also, cookies start getting deleted by the browser if there are more than 300, so if you think about it, if the user has been on more than 300 sites that all use cookies (some using more than one), the cookie can be deleted. At least if you only use one cookie to authenticate the user, if it was deleted, the user could log in again and have a new cookie sent to them. If your secondary cookie was to be deleted, wouldn't that be a serious problem? You'd need to have a second copy of the data on the server anyway, so why pass it back to the browser?

Hope this helps.
#3

[eluser]xwero[/eluser]
This is one of the reasons why I started the Validate library. It validates all different inputs: GET, POST, FILES, COOKIE and variables.
#4

[eluser]Jim Higgins[/eluser]
xwero - Thanks. I'll check that out. I thought I went through the Wiki, but apparently I didn't catch your lib.
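
Added example, not part of the original thread and not code from CodeIgniter or the Validate library: a plain-PHP sketch of treating cookie values as untrusted input and re-checking them on every read with the same rule table used for the form. The field names, rules and sample values are assumptions made for illustration.

```php
<?php
// One rule table for every untrusted source (POST at submit time, COOKIE on read).
// Field names and rules are hypothetical.
const FIELD_RULES = [
    'email'    => ['filter' => FILTER_VALIDATE_EMAIL],
    // \A ... \z anchors the whole string; "$" would accept a trailing newline.
    'zip'      => ['filter'  => FILTER_VALIDATE_REGEXP,
                   'options' => ['regexp' => '/\A\d{5}\z/']],
    'quantity' => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 1, 'max_range' => 99]],
];

/**
 * Validate an untrusted key/value array against the rule table.
 * Returns [clean values, names of fields that failed].
 */
function validate_untrusted(array $input, array $rules = FIELD_RULES): array
{
    $clean  = [];
    $errors = [];
    foreach ($rules as $name => $rule) {
        $raw = $input[$name] ?? null;
        // A client can send name[]=... so the value may be an array; reject it.
        if (!is_string($raw)) {
            $errors[] = $name;
            continue;
        }
        $value = filter_var($raw, $rule['filter'],
                            ['options' => $rule['options'] ?? []]);
        // Compare with === false: a valid integer 0 must not count as a failure.
        if ($value === false) {
            $errors[] = $name;
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample: cookie values after being edited on the client.
// In an application the first argument would be $_COOKIE (or $_POST).
$cookies = ['email' => 'jim@example.com', 'zip' => "12345\n", 'quantity' => '500'];
[$clean, $errors] = validate_untrusted($cookies);
var_dump($clean, $errors);
```

Format validation only shows that a cookie value is well-formed, not that it is the value the server originally set; data that must not change between requests belongs in the server-side session, as suggested in reply #2.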



