9 Jul 2001, 9:35 p.m.
Christian Theune writes:
On Sun, Jul 08, 2001 at 11:50:42PM +0200, Dieter Maurer wrote: [...]
With cookie based authentication, you simply kill the cookie. [...]
Really? Just think, what happens if the user manually copies its cookie and stores it back on the browser?
You have to tell the server to forget that this cookie is authorized ... ?
Yes, if you want to be sure... And your cookie is some hash value and not a direct encoding of user name and password.
Dieter
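
The point made in the exchange above, as an added example that is not part of the original message or of Zope: a cookie that is only deleted in the browser still works when a saved copy is replayed, unless the server also forgets it. The names `SessionStore` and `replay_after_logout` and the user `alice` are hypothetical, and keeping only a SHA-256 digest of the token on the server is an assumption of this sketch.

```python
import hashlib
import secrets


class SessionStore:
    """Server-side record of which cookie values are currently authorized."""

    def __init__(self):
        # Maps SHA-256(token) -> user name; the raw token is never stored.
        self._sessions = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, user):
        # Opaque random value: it encodes neither user name nor password.
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = user
        return token  # sent to the browser as the cookie value

    def authenticate(self, cookie_value):
        # Returns the user name, or None if the server does not know the value.
        if not cookie_value:
            return None
        return self._sessions.get(self._digest(cookie_value))

    def logout(self, cookie_value):
        # The server "forgets" the cookie; deleting it in the browser is separate.
        self._sessions.pop(self._digest(cookie_value), None)


def replay_after_logout(server_side_logout):
    """Return the user the server sees when a saved cookie copy is replayed."""
    store = SessionStore()
    cookie = store.login("alice")  # constructed sample user
    saved_copy = cookie            # the user manually copies the cookie
    if server_side_logout:
        store.logout(cookie)
    cookie = None                  # the browser "kills" its cookie either way
    return store.authenticate(saved_copy)


if __name__ == "__main__":
    print("client-only logout:", replay_after_logout(False))
    print("server-side logout:", replay_after_logout(True))
```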