[erlang-questions] secure use of cookies in an erlang application

Wes James comptekki@REDACTED
Tue May 15 20:13:25 CEST 2012


Ok - thanks for the quick response!

Wes

On Tue, May 15, 2012 at 12:10 PM, Loïc Hoguin <essen@REDACTED> wrote:

> On login, make the server generate an UUID, associate that UUID with the
> logged in user, and set it as the cookie you will use to identify the user.
> Then just compare that cookie with your list of logged in users to find who
> it is.
>
> It should already be a good start.
>
>
> On 05/15/2012 08:03 PM, Wes James wrote:
>
>> I'm using cowboy for an application and I'm setting a simple cookie with
>> an expire to log users out after a certain time.  Using a simple cookie
>> seems like it is not secure, though.  As someone could read the code and
>> set the cookie in their browser and then get access to the site, right?
>>  Are there any examples of securely using cookies in cowboy or some
>> other erlang app/framework that shows how cookies are used?  I guess
>> some random time based cookie might work better.
>>
>> Thanks,
>>
>> Wes
>>
>>
>
>
> --
> Loïc Hoguin
> Erlang Cowboy
> Nine Nines
>
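
The scheme described in the reply above, as an added example that is not part of the original thread or of Cowboy: the server generates the identifier at login, keeps the identifier-to-user mapping itself, and resolves each incoming cookie against that mapping. The module name `session_store`, the ETS table and the function names are assumptions made for illustration, and the identifier here is 128 bits from `crypto:strong_rand_bytes/1`, hex-encoded, where the reply says UUID.

```erlang
%% Added example (hypothetical module): server-side session store.
-module(session_store).
-export([init/0, login/2, lookup/1, logout/1]).

-define(TABLE, sessions).

%% Create the table that maps session id -> user and expiry time.
init() ->
    ets:new(?TABLE, [named_table, public, set]),
    ok.

%% Call only after the credentials have been verified.
%% Returns the opaque value to send to the browser as the cookie.
login(User, TtlSeconds) ->
    %% 16 bytes from the CSPRNG: unguessable, and carries no user data.
    Id = hex(crypto:strong_rand_bytes(16)),
    Expires = erlang:system_time(second) + TtlSeconds,
    true = ets:insert_new(?TABLE, {Id, User, Expires}),
    Id.

%% Resolve the cookie value from a request to a logged-in user.
lookup(Id) when is_binary(Id) ->
    Now = erlang:system_time(second),
    case ets:lookup(?TABLE, Id) of
        [{Id, User, Expires}] when Expires > Now ->
            {ok, User};
        [{Id, _User, _Expires}] ->
            %% Expiry is enforced here, not by the cookie's own lifetime.
            ets:delete(?TABLE, Id),
            {error, expired};
        [] ->
            {error, unknown}
    end;
lookup(_) ->
    {error, unknown}.

%% Drop the session so the cookie value stops working immediately.
logout(Id) ->
    ets:delete(?TABLE, Id),
    ok.

%% Lower-case hex encoding, safe to use as a cookie value.
hex(Bin) ->
    << <<(hex_digit(N))>> || <<N:4>> <= Bin >>.

hex_digit(N) when N < 10 -> $0 + N;
hex_digit(N) -> $a + N - 10.
```

Because the cookie holds only a random key into server-side state, reading the application code or editing the cookie in the browser does not yield a valid session, and the logout time is decided by `lookup/1` rather than by the cookie's expiry attribute.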

