User identification
Refiru, 2020-08-18 05:25:38

Authorization on secret cookies, is this a bad practice in my case?

Good day. There was a need to make a simple user account.
Approximately 100-200 per day. Is it so bad to check the login and password and give a secret, immutable cookie? So that the user with its presence would have access to the office, but without it. Inside, for example, store the login hash. To give out data on it in the office.
I've seen them do this in Flask sometimes.
I see no reason to pull a heavy solution for a simple task.
If it's not bad?


2 answer(s)
Roman Kitaev, 2020-08-18
@deliro

In general, this is not bad with some caveats:
1. Sessions cannot be revoked
2. Something changing and critical cannot be stored there, because all previous cookies you set will be valid even if you set a new one
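
An added example, not part of the answer above and not Flask's own code: a minimal HMAC-signed cookie built with Python's standard library, showing why older cookies stay valid and one way to make them revocable by checking a per-user version counter on every request. `SECRET_KEY`, `MAX_AGE`, `USERS` and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
MAX_AGE = 3600                         # assumption: cookie lifetime in seconds
USERS = {"alice": {"ver": 1}}          # hypothetical user store; "ver" is the revocation counter

def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_cookie(login, now=None):
    """Build payload.signature; the payload is readable by the client but not forgeable."""
    iat = int(time.time() if now is None else now)
    body = {"u": login, "ver": USERS[login]["ver"], "iat": iat}
    payload = base64.urlsafe_b64encode(json.dumps(body).encode())
    return payload.decode() + "." + _sign(payload)

def verify_cookie(value, now=None):
    """Return the login if the cookie is authentic, unexpired and not revoked, else None."""
    try:
        payload, sig = value.split(".", 1)
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return None                      # tampered or signed with another key
        body = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None                          # malformed cookie
    now = time.time() if now is None else now
    if now - body["iat"] > MAX_AGE:
        return None                          # expired
    user = USERS.get(body["u"])
    if user is None or user["ver"] != body["ver"]:
        return None                          # issued before the last revocation
    return body["u"]

def revoke_all(login):
    """Server-side state that a bare signed cookie lacks: invalidate all earlier cookies."""
    USERS[login]["ver"] += 1

def set_cookie_header(value):
    # HttpOnly hides the cookie from page scripts, Secure restricts it to HTTPS,
    # SameSite=Lax keeps it off most cross-site requests.
    return (f"Set-Cookie: session={value}; Max-Age={MAX_AGE}; "
            "Path=/; HttpOnly; Secure; SameSite=Lax")
```

Without the `ver` check, every cookie ever signed with `SECRET_KEY` verifies until it expires; the counter costs one user-store lookup per request.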

Griboks, 2020-08-18
@Griboks

With the same success, you can make a query parameter ...?password=123
With cookies, any site will steal authorization data.
