Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Answer: Cookie based authentication: Is it secure?

by Ovid (Cardinal)
on Aug 28, 2000 at 01:16 UTC ( #29932=categorized answer: print w/replies, xml ) Need Help??

Q&A > CGI programming > Cookie based authentication: Is it secure? - Answer contributed by Ovid

The header information with a cookie can look something like the following:
Set-Cookie: user_id:dajohn13; domain=.somedomain.com; path=/cgi-bin; expires=Sat, 01-Apr-2003 11:30:00 GMT; secure
That is sent as plain text, which is not secure. Whatever values you set for the cookie can then be sniffed, so sensitive information shouldn't be passed this way.

In the example above, the secure parameter is used, which means that the browser will not return the cooking unless you are using a secure URL with the https protocol. That should provide adequate security and will make your scripts much safer if you plan to use cookies.

Log In?
Username:
Password:

What's my password?
Create A New User
Chatterbox?
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others imbibing at the Monastery: (2)
As of 2016-12-06 02:05 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    On a regular basis, I'm most likely to spy upon:













    Results (96 votes). Check out past polls.