javascript - Prevent user created pages from stealing login cookies
I have a webpage, let's say the page is called: http://www.mypage.this/
In the page users can create their own html pages, and access them through www.mypage.this/(creator's_username)/(project_name). For instance, if the username is "usr" and the project is called "project", the link is http://www.mypage.this/usr/project.
But there's a security problem...
I store people's login tokens as cookies. So, what if a user's script has a function that reads the cookie and sends it to someone else?
They can access someone else's account. The token has to be saved as a cookie, because I need to verify the user in multiple pages. How should I prevent user created scripts from reading the tokens, yet still allow my pages to read the token?
Thank you in advance
*The tokens are of course regenerated every once in a while
To clear up a misunderstanding, I am not storing passwords on the user's side. I am storing a login cookie - a randomly generated string, re-generated on every login. And I store that on the user's side.
If you have to verify users in multiple pages, you should store login information in the session, not in cookies. That way it stays on the server, and you can access it.
Cookies are made so you can store information when the user disconnects, leaves the browser or something else.
Storing login information in cookies is a bad idea, it's not secure.
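
Added example, not part of the original question or answer: one way to follow the answer's advice, keeping login state in a server-side session and sending only an opaque ID in a cookie marked HttpOnly, which user-created page scripts cannot read through document.cookie. The cookie name `sid`, the in-memory store and all function names are assumptions made for illustration.

```javascript
const { randomBytes } = require('node:crypto');

// Server-side session store (hypothetical, in-memory): the cookie carries
// only an opaque ID, the login state itself never leaves the server.
const sessions = new Map();

function createSession(username) {
  const id = randomBytes(32).toString('hex'); // new unguessable ID per login
  sessions.set(id, { username, created: Date.now() });
  return id;
}

// Build the Set-Cookie header value. HttpOnly hides the cookie from
// document.cookie, Secure keeps it off plain HTTP, SameSite=Lax limits
// cross-site sends.
function sessionCookie(id) {
  return `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Resolve the Cookie request header back to a user, on the server only.
function userFromCookieHeader(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') {
      const session = sessions.get(rest.join('='));
      return session ? session.username : null;
    }
  }
  return null;
}

// Model of what a page script sees in document.cookie: browsers omit
// every cookie that was set with the HttpOnly attribute.
function visibleToScript(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*httponly\s*(;|$)/i.test(h))
    .map((h) => h.split(';')[0])
    .join('; ');
}

// Constructed sample: a script-readable token cookie, as in the question,
// next to the HttpOnly session cookie.
const sid = createSession('usr');
const headers = ['token=constructed-sample-token; Path=/', sessionCookie(sid)];
console.log(visibleToScript(headers));           // only the non-HttpOnly cookie
console.log(userFromCookieHeader(`sid=${sid}`)); // server resolves the user
```

HttpOnly only blocks reads of the cookie; a script served from the same origin can still send requests that carry it, so serving user-created pages from a separate origin is the stronger isolation.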