Ok - thanks for the quick response!<div><br></div><div>Wes</div><br><div class="gmail_quote">On Tue, May 15, 2012 at 12:10 PM, Loïc Hoguin <span dir="ltr"><<a href="mailto:essen@ninenines.eu" target="_blank">essen@ninenines.eu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On login, make the server generate an UUID, associate that UUID with the logged in user, and set it as the cookie you will use to identify the user. Then just compare that cookie with your list of logged in users to find who it is.<br>
<br>
It should already be a good start.<div><div class="h5"><br>
<br>
On 05/15/2012 08:03 PM, Wes James wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
I'm using cowboy for an application and I'm setting a simple cookie with<br>
an expire to log users out after a certain time. Using a simple cookie<br>
seams like it is not secure, though. As someone could read the code and<br>
set the cookie in their browser and then get access to the site, right?<br>
Are there any examples of securely using cookies in cowboy or some<br>
other erlang app/framework that shows how cookies are used? I guess<br>
some random time based cookie might work better.<br>
<br>
Thanks,<br>
<br>
Wes<br>
<br>
<br></div></div>
______________________________<u></u>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/<u></u>listinfo/erlang-questions</a><span class="HOEnZb"><font color="#888888"><br>
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<br>
-- <br>
Loďc Hoguin<br>
Erlang Cowboy<br>
Nine Nines<br>
</font></span></blockquote></div><br>