• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Storing a user in a cookie
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Storing a user in a cookie

  • Subject: Storing a user in a cookie
  • From: Pascal Robert <email@hidden>
  • Date: Wed, 20 Feb 2013 12:02:30 -0500
What would you use for storing details about an user in a cookie for stateless apps (e.g., in a "keep me logged" situation)? I see two solutions:

- Using BlowFish to encrypt the username in the cookie, and to decrypt the value of the cookie to see who is the user;

- Encrypting the username with BCrypt, storing the encrypted username in the database and in the cookie, and doing a comparison.

Opinions? The only problem I see with the first one is that if someone find the cipher key, you're toast, but at the same time, if they find it, it's probably because it was stored in the file system or in a SCM, so if they found it, you will probably have other problems too.


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: Storing a user in a cookie
      • From: Jesse Tayler <email@hidden>
  • Prev by Date: Re: css on custom table row component
  • Next by Date: Re: Storing a user in a cookie
  • Previous by thread: Re: css on custom table row component
  • Next by thread: Re: Storing a user in a cookie
  • Index(es):
    • Date
    • Thread