| Author | Message | Time |
|---|---|---|
| Lenny | I've noticed that when a server sends a client the cookie values, some sites send such things as username and password in plaintext. But the browser stores it differently. I know that different browsers store cookies in different formats, but how does IE store such cookie values? Also, iirc, more sophisticated websites enable 'auto-login' for a client without the server ever having to send the password. Or allows the client to login without ever having to send (in plaintext) the password. Does the server send a hashing or encryption algorithm for the browser? Or is it more standardized? | February 5, 2005, 5:47 AM |
| Kp | 1) It doesn't matter how IE stores cookies, you shouldn't be using IE on the open net. 2) Probably, but without a specific example, there's no way to know for sure. Another possible strategy would be to use the cookie in the canonical sense, such that the data on the client truly is a magic value. That is, the server rolls some completely arbitrary token and saves that with your user record as being a valid login token, then gives you that token for when you come back. As soon as you log out of the site, that token is useless forever-after. | February 5, 2005, 4:46 PM |
| Myndfyr | [quote author=Kp link=topic=10435.msg98330#msg98330 date=1107621982] 1) It doesn't matter how IE stores cookies, you shouldn't be using IE on the open net. [/quote] You might still want to know how IE stores cookies because, whether or not it *should* be true, the fact is that IE is the most widely-used browser. | February 7, 2005, 11:00 PM |
| Ban | Yeah, because people are uninformed and companies refuse to migrate to the far better firefox | February 8, 2005, 4:09 PM |
| Kp | [quote author=MyndFyre link=topic=10435.msg98690#msg98690 date=1107817231]You might still want to know how IE stores cookies because, whether or not it *should* be true, the fact is that IE is the most widely-used browser.[/quote] It is more widely used, but that's no reason to permit using it here if he can avoid it. | February 8, 2005, 9:55 PM |
| Lenny | I was not intending to use IE for my web browsing but merely wondering how a popular browser such as IE would save cookies. Apparently stealing cookies isn't a necessarily hard task to do, they can pose a big security risk for those of us that keep our sessions open, such as the ones for these forums =\ | February 8, 2005, 10:54 PM |
| hismajesty | [quote author=Kp link=topic=10435.msg98838#msg98838 date=1107899744] [quote author=MyndFyre link=topic=10435.msg98690#msg98690 date=1107817231]You might still want to know how IE stores cookies because, whether or not it *should* be true, the fact is that IE is the most widely-used browser.[/quote] It is more widely used, but that's no reason to permit using it here if he can avoid it. [/quote] Just because you don't use IE, doesn't mean 95% of the people with an internet connection don't. And, obviously, that's reason enough to want to learn about how a piece of software works. | February 9, 2005, 12:02 AM |