Comments on: Creating a Persistent Login Mechanism http://jeremycook.ca/2010/03/28/creating-a-persistent-login-mechanism/ Random musings on web development and PHP Fri, 03 Feb 2012 22:22:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jeremy Cook http://jeremycook.ca/2010/03/28/creating-a-persistent-login-mechanism/comment-page-1/#comment-4599 Jeremy Cook Wed, 01 Feb 2012 21:47:26 +0000 http://jeremycook.ca/?p=73#comment-4599 Good point and to be totally truthful I'm not entirely sure why I suggested two fields. In my defense I wrote that quite a while ago.. The only reason for the two random fields is that it obfusticates things a little more. If an attacker was able to observe a number of cookies they might be able to work out that the ones called 'pl' have a common purpose. However, that would only provide a negligible benefit. It looks like one db field would be quite enough. Good point and to be totally truthful I’m not entirely sure why I suggested two fields. In my defense I wrote that quite a while ago.. The only reason for the two random fields is that it obfusticates things a little more. If an attacker was able to observe a number of cookies they might be able to work out that the ones called ‘pl’ have a common purpose. However, that would only provide a negligible benefit. It looks like one db field would be quite enough.

]]> By: Craig http://jeremycook.ca/2010/03/28/creating-a-persistent-login-mechanism/comment-page-1/#comment-4575 Craig Tue, 31 Jan 2012 11:11:26 +0000 http://jeremycook.ca/?p=73#comment-4575 Thanks for the article, useful pointers, I'm building something very similar. Any reason you don't just do something like cookieName="pl" (for persisted login) cookieValue="BigRandomGarbagesdffjkshjdifhioshdfijsdfjisdjfsdf" I can't see any good reason for two DB fields, could you explain your reasoning a bit more? Thanks, Craig Thanks for the article, useful pointers, I’m building something very similar.

Any reason you don’t just do something like

cookieName=”pl” (for persisted login)
cookieValue=”BigRandomGarbagesdffjkshjdifhioshdfijsdfjisdjfsdf”

I can’t see any good reason for two DB fields, could you explain your reasoning a bit more?

Thanks,

Craig

]]>