jimfog Posted October 3, 2012 Share Posted October 3, 2012 I read this tutorial here: http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/ If I understood correctly, the moment the user is authenticated(after returning the site), is the moment we create a brand new cookie. That means a new cookie every time the user returns to the site. Why do we do that, for security reasons? Link to comment Share on other sites More sharing options...
jimfog Posted October 3, 2012 Author Share Posted October 3, 2012 I read this tutorial here: http://fishbowl.past..._best_practice/ If I understood correctly, the moment the user is authenticated(after returning the site), is the moment we create a brand new cookie. That means a new cookie every time the user returns to the site. Why do we do that, for security reasons? By the way, this forum here, does not create a new cookie every time a visitor returns. Link to comment Share on other sites More sharing options...
justsomeguy Posted October 3, 2012 Share Posted October 3, 2012 Yes, it's for security reasons. The old cookie is no longer valid. By the way, this forum here, does not create a new cookie every time a visitor returns.Nobody's perfect. Link to comment Share on other sites More sharing options...
jimfog Posted October 9, 2012 Author Share Posted October 9, 2012 Ok...I will invalidate the old cookie...by just setting its expiration date in the past? Does the cookie invalidation process includes anything else-any db action maybe? Link to comment Share on other sites More sharing options...
justsomeguy Posted October 9, 2012 Share Posted October 9, 2012 You don't have to change the cookies. When you change the token in the database for the new cookie then the cookies with old tokens will no longer work. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now