#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    5
    Rep Power
    0

    Can cookie vars be edited by user?


    Hi guys,

    Can a $COOKIE[] var be edited by user?
    If it can, I have quite a security issue to deal with.

    Thanks,
    -Tony
  2. #2
  3. Code Monkey V. 0.9
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Mar 2005
    Location
    A Land Down Under
    Posts
    2,126
    Rep Power
    1990
    Yes it can. Cookies are stored as text files on the users PC, and if the user knows where to find them, they can view them, edit them, delete them, and do pretty much anything that they want with them.

    What exactly is your security concern?
  4. #3
  5. Transforming Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,180
    Rep Power
    9398
    They're also easily editable with a quick Javascript command. Don't even have to find the files.
  6. #4
  7. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    Sessions cannot be edited by the user, cookies can. Never store any sensitive information in cookies.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.

IMN logo majestic logo threadwatch logo seochat tools logo