Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cookie tampering #14

Open
bobbysebolao opened this issue Apr 19, 2019 · 1 comment
Open

Cookie tampering #14

bobbysebolao opened this issue Apr 19, 2019 · 1 comment
Labels
enhancement New feature or request

Comments

@bobbysebolao
Copy link

bobbysebolao commented Apr 19, 2019

It's really interesting to see how you've implemented cookies, our team didn't get around to implementing cookies. If you continue working on this project, on top of what you've done already I think you can store the cookie information in your database for added security. Currently, it's easy for someone to change the cookie logged_in value in Chrome Dev Tools. To prevent this, perhaps you could add a 'logged_in' column to the users table in your postgres database, and then every time a user logs in you can store their logged_in status in the database. I think this is what's known as stateful authentication.

@dubhcait dubhcait added the enhancement New feature or request label Apr 19, 2019
@jokosanyang
Copy link
Contributor

We will either do this or use a JWT to hide the info (stateless auth)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants