Problems? Is your data what you think it is? | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
As fokat notes, anyone who gets their hands on the cookie, encrypted or not, can defeat your scheme.
You can mitigate the risk by timing out the cookie. You're already embedding a timestamp, though the timestamp would be easier to check if you embedded a raw time() value, rather than splitting it via localtime(). For real security, though, you should be doing this over https:
In reply to Re: Security using Encrypted cookies
by dws
|
|