cookie copied

Pehape

what happened if cookies that is sent to client is copied to another client/comp
. if they open my web... is it possible my web to read it..? (say i sent two cookies, information about user name and the date they logged in)
thanks.

suntra

Well cookies can always be intercepted or copied ! I think MSIE and Firefox and others do not like it when you introduce a new cookie by yourself, but that doesn't mean "protection" !

That's why you must NEVER store a password in a cookie...

Personally, I send a unique ID which is associated with a user in a MySQL database, and in the database, I also write the IP and the Browser... that's not very secure, but the unique ID changes every time a page is loaded, so the contents of the cookie changes too...

Pehape

oh... thank you,
you send unique id to client through cookie, but ip address could changes ? and if the cookie is copied then they open your web. you still don't know if they're valid user.. ??? sorry if i don't get clear enough .. looks like i'm completely confused... 😕
ouh sorry, i don't store a password on cookie, but i'll let them in if they have a cookie (since i'd send that cookie if they log-in).. that's a big mistake...i don't know the cookie could be copied and while the information i send on cookie is just their username and date when they had login . .

how about like this php builder, they know us through cookie and we don't need to login as long as the cookie is not expired. how if my cookie is copied to another comp and open this web.? ( i mean, i just want to know how the process or what information they collect, so the information of each user is kept secretly )
pls help me and thank you for any responses.

Pehape

how about encrypted data cookie?