[erlang-questions] secure use of cookies in an erlang application
Loïc Hoguin
essen@REDACTED
Tue May 15 20:10:50 CEST 2012
On login, make the server generate a UUID, associate that UUID with the
logged in user, and set it as the cookie you will use to identify the
user. Then just compare that cookie with your list of logged in users to
find who it is.
It should already be a good start.
On 05/15/2012 08:03 PM, Wes James wrote:
> I'm using cowboy for an application and I'm setting a simple cookie with
> an expire to log users out after a certain time. Using a simple cookie
> seems like it is not secure, though. As someone could read the code and
> set the cookie in their browser and then get access to the site, right?
> Are there any examples of securely using cookies in cowboy or some
> other erlang app/framework that shows how cookies are used? I guess
> some random time based cookie might work better.
>
> Thanks,
>
> Wes
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
--
Loïc Hoguin
Erlang Cowboy
Nine Nines
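
The scheme described in the reply above, as an added example that is not part of the original thread and is not cowboy code. The module name `session_store` and its functions are hypothetical; the example takes 16 bytes from `crypto:strong_rand_bytes/1` as the identifier in place of a UUID library, and assumes OTP 19 or later for `erlang:system_time(second)`.

```erlang
%% Added example: server-side session table keyed by an unguessable token.
%% Module and function names are hypothetical, not part of cowboy.
-module(session_store).
-export([init/0, login/2, lookup/1, logout/1]).

-define(TABLE, sessions).

%% Create the table once, from a long-lived process that owns it.
init() ->
    ets:new(?TABLE, [named_table, public, set]),
    ok.

%% Call after the credentials have been verified. Returns the value to
%% put in the cookie; TtlSeconds is the server-side session lifetime.
login(UserId, TtlSeconds) ->
    %% 128 bits from the OS CSPRNG, so the value cannot be derived
    %% from reading the application's source code.
    Token = base64:encode(crypto:strong_rand_bytes(16)),
    Expires = erlang:system_time(second) + TtlSeconds,
    true = ets:insert(?TABLE, {Token, UserId, Expires}),
    Token.

%% Map the cookie value from a request back to a user.
lookup(Token) when is_binary(Token) ->
    Now = erlang:system_time(second),
    case ets:lookup(?TABLE, Token) of
        [{Token, UserId, Expires}] when Expires > Now ->
            {ok, UserId};
        [{Token, _UserId, _Expires}] ->
            %% Expired: the server decides, whatever the browser sent.
            ets:delete(?TABLE, Token),
            {error, expired};
        [] ->
            {error, unknown}
    end;
lookup(_) ->
    {error, unknown}.

%% Drop the session so the old cookie value stops working at once.
logout(Token) ->
    ets:delete(?TABLE, Token),
    ok.
```

The token returned by `login/2` is the only thing stored in the cookie; the cookie's own expiry is just a hint to the browser, because `lookup/1` enforces the lifetime on the server.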