On Thu, Jun 11, 2015 at 4:24 PM Bradley Stone <bvstone@xxxxxxxxx> wrote:

Sign into all your google and/or microsoft accounts, clear your cookies,
and then see what happens. You may want to let google and MS know session
cookies are "old and unsafe". :)


There is a difference between using cookies and using only cookies. The
cookie should contain a token (perhaps a UUID) that the server looks up in
a list of active sessions (via for example a physical file on the IBMi)
and sees if there is a match, what user owns that token, and perhaps that
some heuristics about this HTTP request like browser type and client IP
address match. That token should expire after a period of time. A maximum
lifetime, as well as a shorter maximum lifetime between requests, should be
present.

Simply sending a cookie with the name and password, or some encrypted
version of the user name that could be reused indefinitely, would be
insecure.

Justin
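The session design Justin describes (an opaque random token in the cookie, a server-side table of active sessions keyed by that token, a check that the request's browser and client address still match, and both an absolute lifetime and a shorter idle timeout) can be shown in a few lines. The following is an added illustration, not code from the thread or from any IBM i product; the in-memory dict stands in for the physical file he mentions, and the lifetimes, field names and the injectable `now` clock are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass

MAX_LIFETIME = 8 * 3600   # assumed absolute maximum session age, in seconds
IDLE_TIMEOUT = 15 * 60    # assumed maximum gap allowed between two requests


@dataclass
class Session:
    user: str          # who owns this token
    user_agent: str    # browser type captured at login
    client_ip: str     # client address captured at login
    created: float     # login time
    last_seen: float   # time of the most recent accepted request


class SessionStore:
    """Server-side table of active sessions; the cookie only ever carries the token."""

    def __init__(self, max_lifetime=MAX_LIFETIME, idle_timeout=IDLE_TIMEOUT):
        self._sessions = {}           # token -> Session (stands in for the physical file)
        self.max_lifetime = max_lifetime
        self.idle_timeout = idle_timeout

    def create(self, user, user_agent, client_ip, now=None):
        """Issue a fresh, unguessable token after the user has authenticated."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, no user data inside
        self._sessions[token] = Session(user, user_agent, client_ip, now, now)
        return token

    def lookup(self, token, user_agent, client_ip, now=None):
        """Return the owning user if the token is valid for this request, else None."""
        now = time.time() if now is None else now
        s = self._sessions.get(token)
        if s is None:
            return None                      # unknown or already revoked token
        # Absolute lifetime and idle timeout are checked first; an expired
        # entry is removed so it can never be revived by a later request.
        if now - s.created > self.max_lifetime or now - s.last_seen > self.idle_timeout:
            del self._sessions[token]
            return None
        # Heuristic binding: the browser and client address must still match
        # what was seen at login. A mismatch is rejected without touching last_seen.
        if s.user_agent != user_agent or s.client_ip != client_ip:
            return None
        s.last_seen = now
        return s.user

    def revoke(self, token):
        """Logout: forget the token server-side; the cookie alone is then worthless."""
        self._sessions.pop(token, None)

    def active_count(self):
        return len(self._sessions)
```

Every check happens against the server's own table, so a captured or replayed cookie is only useful until the idle timeout, the absolute lifetime, or an explicit `revoke` ends the session. Binding to the client IP is the one heuristic to apply with care: users behind carrier NAT or on mobile networks change addresses mid-session, so many deployments bind only to the user agent or treat an address change as a prompt to re-authenticate rather than a hard failure.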


This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].