[erlang-questions] secure use of cookies in an erlang application

Loïc Hoguin <>
Tue May 15 20:10:50 CEST 2012


On login, make the server generate an UUID, associate that UUID with the 
logged in user, and set it as the cookie you will use to identify the 
user. Then just compare that cookie with your list of logged in users to 
find who it is.

It should already be a good start.

On 05/15/2012 08:03 PM, Wes James wrote:
> I'm using cowboy for an application and I'm setting a simple cookie with
> an expire to log users out after a certain time.  Using a simple cookie
> seams like it is not secure, though.  As someone could read the code and
> set the cookie in their browser and then get access to the site, right?
>   Are there any examples of securely using cookies in cowboy or some
> other erlang app/framework that shows how cookies are used?  I guess
> some random time based cookie might work better.
>
> Thanks,
>
> Wes
>
>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions


-- 
Loïc Hoguin
Erlang Cowboy
Nine Nines



More information about the erlang-questions mailing list