Ahmed Samir
Greenhorn
Posts: 3
If the user requests to log in, I will use HTTPS instead of HTTP, then create this token and store it in the cookies, and the user can browse easily.
The next time the user hits my site, he will be logged in automatically using the token. My question is: if the user used HTTP instead of HTTPS, this means that any hacker can easily spoof the network packets and get the token, then fool me, right?
How can I solve this?
 
Ulf Dittmer
Rancher
Posts: 42972
73
"Any hacker" would have to be someone who has access to raw network traffic. That's pretty easy to accomplish over Wifi (which is why you should not use unencrypted traffic on a public WLAN).

In this case, you can make the cookie secure: https://en.wikipedia.org/wiki/HTTP_cookie#Secure_cookie
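
The effect of the Secure attribute suggested above, as an added example that is not part of the thread: Python's standard-library cookie jar stands in for the browser, receives the login cookie over HTTPS, and then decides whether to attach it to a later HTTP or HTTPS request. The host, the cookie name `remember_me` and the token value are constructed for illustration.

```python
import email.message
import http.cookiejar
import urllib.request
from http.cookies import SimpleCookie

HOST = "www.example.com"          # constructed host
TOKEN = "constructed-token-123"   # constructed sample value, not a real token


def build_set_cookie(token, secure):
    """Build the Set-Cookie value the server sends after an HTTPS login."""
    jar = SimpleCookie()
    jar["remember_me"] = token            # hypothetical cookie name
    morsel = jar["remember_me"]
    morsel["path"] = "/"
    morsel["max-age"] = 30 * 24 * 3600    # persistent "log me in next time" cookie
    morsel["httponly"] = True             # keep the token away from page scripts
    if secure:
        morsel["secure"] = True           # only ever send it back over HTTPS
    return morsel.OutputString()


class _LoginResponse:
    """Minimal response object: the cookie jar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent(set_cookie, url):
    """Return the Cookie header a client would attach to `url`, or None."""
    client = http.cookiejar.CookieJar()
    login = urllib.request.Request(f"https://{HOST}/login")
    client.extract_cookies(_LoginResponse(set_cookie), login)
    later = urllib.request.Request(url)
    client.add_cookie_header(later)
    return later.get_header("Cookie")


if __name__ == "__main__":
    for secure in (False, True):
        header = build_set_cookie(TOKEN, secure)
        print("Set-Cookie:", header)
        for scheme in ("http", "https"):
            print(f"  {scheme}:// request sends:", cookie_sent(header, f"{scheme}://{HOST}/"))
```
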
 