[erlang-questions] secure use of cookies in an erlang application

Wes James <>
Tue May 15 20:13:25 CEST 2012


Ok - thanks for the quick response!

Wes

On Tue, May 15, 2012 at 12:10 PM, Loïc Hoguin <> wrote:

> On login, make the server generate an UUID, associate that UUID with the
> logged in user, and set it as the cookie you will use to identify the user.
> Then just compare that cookie with your list of logged in users to find who
> it is.
>
> It should already be a good start.
>
>
> On 05/15/2012 08:03 PM, Wes James wrote:
>
>> I'm using cowboy for an application and I'm setting a simple cookie with
>> an expire to log users out after a certain time.  Using a simple cookie
>> seams like it is not secure, though.  As someone could read the code and
>> set the cookie in their browser and then get access to the site, right?
>>  Are there any examples of securely using cookies in cowboy or some
>> other erlang app/framework that shows how cookies are used?  I guess
>> some random time based cookie might work better.
>>
>> Thanks,
>>
>> Wes
>>
>>
>> ______________________________**_________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/**listinfo/erlang-questions<http://erlang.org/mailman/listinfo/erlang-questions>
>>
>
>
> --
> Loďc Hoguin
> Erlang Cowboy
> Nine Nines
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120515/e6bc5ede/attachment.html>


More information about the erlang-questions mailing list