Tue May 15 20:10:50 CEST 2012
On login, make the server generate a UUID, associate that UUID with the
logged-in user, and set it as the cookie you will use to identify the
user. Then just compare that cookie with your list of logged-in users to
find who it is.
It should already be a good start.
On 05/15/2012 08:03 PM, Wes James wrote:
> I'm using cowboy for an application and I'm setting a simple cookie with
> an expire to log users out after a certain time. Using a simple cookie
> seems like it is not secure, though. As someone could read the code and
> set the cookie in their browser and then get access to the site, right?
> Are there any examples of securely using cookies in cowboy or some
> other Erlang app/framework that shows how cookies are used? I guess
> some random time based cookie might work better.
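The approach suggested in the reply above, sketched as an added example that is not part of the original thread: the server issues a random UUID at login, keeps the UUID-to-user mapping itself, and rejects any cookie value it did not issue or that has expired. The module name, function names and the ETS table are assumptions made for illustration; only OTP calls are used and no Cowboy API is shown.

```erlang
%% Added example, not code from the thread. Module, function and table
%% names are hypothetical; only OTP (crypto, ets, erlang) is used.
-module(session_store).
-export([init/0, login/2, whoami/1, logout/1]).

-define(TABLE, sessions).

%% Create the table holding {SessionId, User, ExpiresAt}. The table lives
%% as long as the calling process, so call this from a long-lived process.
init() ->
    ets:new(?TABLE, [named_table, public, set]),
    ok.

%% Call only after the credential check has succeeded. Returns the value
%% to put in the cookie: a random version-4 UUID that encodes nothing
%% about the user and cannot be derived from reading the source code.
login(User, TtlSeconds) ->
    Id = uuid4(),
    Expires = erlang:monotonic_time(second) + TtlSeconds,
    true = ets:insert(?TABLE, {Id, User, Expires}),
    Id.

%% Resolve the cookie value sent by the browser. Unknown or expired ids
%% are rejected, so a cookie made up by the client identifies nobody.
whoami(Cookie) when is_binary(Cookie) ->
    Now = erlang:monotonic_time(second),
    case ets:lookup(?TABLE, Cookie) of
        [{_, User, Expires}] when Expires > Now ->
            {ok, User};
        [{_, _, _}] ->
            ets:delete(?TABLE, Cookie),   % expiry is enforced server-side
            {error, expired};
        [] ->
            {error, unknown}
    end;
whoami(_) ->
    {error, unknown}.

%% Forget the session so the cookie stops working immediately.
logout(Cookie) ->
    ets:delete(?TABLE, Cookie),
    ok.

%% 122 random bits from the OS CSPRNG, formatted as a version-4 UUID.
uuid4() ->
    <<A:32, B:16, _:4, C:12, _:2, D:14, E:48>> = crypto:strong_rand_bytes(16),
    iolist_to_binary(io_lib:format(
        "~8.16.0b-~4.16.0b-4~3.16.0b-~4.16.0b-~12.16.0b",
        [A, B, C, 16#8000 bor D, E])).
```

The session id is a bearer credential, so the cookie carrying it should be set with the `HttpOnly` and `Secure` attributes and sent only over TLS.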