Storing a user in a cookie
- Subject: Storing a user in a cookie
- From: Pascal Robert <email@hidden>
- Date: Wed, 20 Feb 2013 12:02:30 -0500
What would you use for storing details about a user in a cookie for stateless apps (e.g., in a "keep me logged" situation)? I see two solutions:
- Using Blowfish to encrypt the username in the cookie, and decrypting the value of the cookie to see who the user is;
- Encrypting the username with BCrypt, storing the encrypted username in the database and in the cookie, and doing a comparison.
Opinions? The only problem I see with the first one is that if someone finds the cipher key, you're toast, but at the same time, if they find it, it's probably because it was stored in the file system or in an SCM, so if they found it, you will probably have other problems too.
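
The first option, sketched as an added example that is not part of the original post: the username is Blowfish-encrypted into the cookie and decrypted on each request. The HMAC over the ciphertext is an addition the post does not mention, included because CBC encryption alone does not detect a modified cookie. The class name, method names, keys and username are hypothetical, and `java.util.Base64` assumes Java 8 or later.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class RememberMeCookie {
    private static final SecureRandom RNG = new SecureRandom();
    // Cookie = base64url(IV || Blowfish-CBC(username) || HMAC-SHA256(IV || ciphertext))
    static String issue(String username, byte[] encKey, byte[] macKey) throws Exception {
        byte[] iv = new byte[8];                    // Blowfish block size is 8 bytes
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "Blowfish"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(username.getBytes(StandardCharsets.UTF_8));
        byte[] body = ByteBuffer.allocate(8 + ct.length).put(iv).put(ct).array();
        byte[] out = ByteBuffer.allocate(body.length + 32).put(body).put(hmac(macKey, body)).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }
    // Returns the username, or null when the cookie is malformed or was modified.
    static String parse(String cookie, byte[] encKey, byte[] macKey) throws Exception {
        byte[] raw;
        try { raw = Base64.getUrlDecoder().decode(cookie); } catch (IllegalArgumentException e) { return null; }
        if (raw.length < 8 + 8 + 32) return null;   // IV + one cipher block + tag
        byte[] body = Arrays.copyOfRange(raw, 0, raw.length - 32);
        byte[] tag = Arrays.copyOfRange(raw, raw.length - 32, raw.length);
        if (!MessageDigest.isEqual(tag, hmac(macKey, body))) return null; // verify before decrypting
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "Blowfish"), new IvParameterSpec(body, 0, 8));
        return new String(c.doFinal(body, 8, body.length - 8), StandardCharsets.UTF_8);
    }
    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data);
    }
    public static void main(String[] args) throws Exception {
        byte[] encKey = new byte[16], macKey = new byte[32]; // constructed demo keys
        RNG.nextBytes(encKey);
        RNG.nextBytes(macKey);
        String cookie = issue("alice", encKey, macKey);      // constructed username
        String tampered = (cookie.charAt(0) == 'A' ? 'B' : 'A') + cookie.substring(1);
        System.out.println(parse(cookie, encKey, macKey) + " / " + parse(tampered, encKey, macKey));
    }
}
```

Both keys are the only thing standing between a visitor and any account, which is the key-exposure concern raised in the post: keep them out of the SCM and load them from deployment configuration.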