Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Re: Grab username from WP Cookie

by Anonymous Monk
on Apr 01, 2020 at 13:46 UTC ( #11114907=note: print w/replies, xml ) Need Help??


in reply to Grab username from WP Cookie

This node falls below the community's threshold of quality. You may see it by logging in.

Replies are listed 'Best First'.
Re^2: Grab username from WP Cookie
by Your Mother (Archbishop) on Apr 01, 2020 at 14:20 UTC

    There should never be any information stored in a session cookie at all other than the name and session key. Anything else is bad security. Recommending parsing the putative JSON with regex is bad programming. Answering a PHP question with Python handwaving is bad forum participation.

      There should never be any information stored in a session cookie at all other than the name and session key. Anything else is bad security.

      Mojolicious has a different philosophy: its session data is actually stored in the session cookie, but it is cryptographically signed with the app's secret keystring to prevent tampering.

        I am surprised to hear that. I can understand the functional benefit and the desire and effort to make it as secure as possible but I reject leaving data on the client and passing it in headers that have to go through various proxies and app forwarding and such especially where HTTPS is not completely enforced.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11114907]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (6)
As of 2021-05-07 11:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Perl 7 will be out ...





    Results (91 votes). Check out past polls.

    Notices?