[erlang-questions] secure use of cookies in an erlang application

Wes James comptekki@REDACTED
Tue May 15 20:13:25 CEST 2012

Ok - thanks for the quick response!


On Tue, May 15, 2012 at 12:10 PM, Loïc Hoguin <essen@REDACTED> wrote:

> On login, make the server generate an UUID, associate that UUID with the
> logged in user, and set it as the cookie you will use to identify the user.
> Then just compare that cookie with your list of logged in users to find who
> it is.
> It should already be a good start.
> On 05/15/2012 08:03 PM, Wes James wrote:
>> I'm using cowboy for an application and I'm setting a simple cookie with
>> an expire to log users out after a certain time.  Using a simple cookie
>> seams like it is not secure, though.  As someone could read the code and
>> set the cookie in their browser and then get access to the site, right?
>>  Are there any examples of securely using cookies in cowboy or some
>> other erlang app/framework that shows how cookies are used?  I guess
>> some random time based cookie might work better.
>> Thanks,
>> Wes
>> ______________________________**_________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/**listinfo/erlang-questions<http://erlang.org/mailman/listinfo/erlang-questions>
> --
> Loďc Hoguin
> Erlang Cowboy
> Nine Nines
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120515/e6bc5ede/attachment.htm>

More information about the erlang-questions mailing list