Can a cookie be set by user, for my domain?

Discussion in 'PHP' started by Tony Brar, Nov 10, 2012.

  1. #1
    Hi guys,

    For security purposes, I need to know if a user can create a cookie.
    Could the user fake something like this script on their computer?

    <?php
    setcookie('isadminastrator',true,time()+60*60*24*30*12,'/','mysite.com',false,false);
    ?>

    Thanks,
    -Tony
     
    Tony Brar, Nov 10, 2012
  2. #2
    Yes. Very easy. You need to make it harder, like encrypt the content and store things also in the database.
     
    stephan2307, Nov 10, 2012
  3. #3
    Yes, something like that could easily be faked.

    You never grant permissions in a cookie. You create a unique Session ID and store that ID in the browser cookie with a corresponding entry in your Session file or database on the server to identify the user. Then you grant access to resources on your end based on what the user is allowed access to.
     
    billzo, Nov 10, 2012
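
The approach described in post #3, next to the cookie check from the question, as an added example that is not part of the original thread. The `USERS` table, its fields and all function names are assumptions made for illustration; the array form of `session_set_cookie_params` needs PHP 7.3 or later.

```php
<?php
// Constructed sample data standing in for a users table (hypothetical names).
const USERS = [
    1 => ['name' => 'tony',  'is_admin' => true],
    2 => ['name' => 'guest', 'is_admin' => false],
];

// Before: trusts a value the browser sends. Any visitor can add this cookie
// to a request, so the check proves nothing about who they are.
function isAdminFromCookie(array $cookies): bool
{
    return !empty($cookies['isadminastrator']);
}

// After: the cookie carries only the random session ID that PHP generates.
// The privilege is looked up on the server on every request.
function startSecureSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // send over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function logIn(int $userId): void
{
    session_regenerate_id(true);     // fresh ID at login, guards against session fixation
    $_SESSION['user_id'] = $userId;  // kept in server-side session storage, not in the cookie
}

function isAdminFromSession(): bool
{
    $id = $_SESSION['user_id'] ?? null;
    return $id !== null && (USERS[$id]['is_admin'] ?? false);
}

startSecureSession();
logIn(2); // called only after the password for "guest" has been verified
var_dump(isAdminFromCookie(['isadminastrator' => '1'])); // client-supplied cookie decides the result
var_dump(isAdminFromSession());                          // server-side record for user 2 decides the result
```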
  4. #4
    Okay then. Thanks!
     
    Tony Brar, Nov 10, 2012