[thesite] high level cookie question..

Daniel J. Cody djc at starkmedia.com
Tue Jun 5 15:53:51 CDT 2001


ok, i'm just getting into cookies and wanted to throw this question out
there to those of you who are smarter than I in that dept.

basically, how bad(unsafe and all that good stuff) is it to store user
information in a cookie once they're logged in? can one easily modify
their cookie to pretend to be me? is readinga cookie a good enough
answer to authentication?(we're doing it now..)

just high level for now i guess..

any thoughts?




More information about the thesite mailing list