My company manages a website for my client. My client has asked us to consider using cookies to remember login details. What are the pros and cons of doing this? And can you restrict cookies to user groups (rather than everyone logging in), or give them a time limit (eg they will remember your details if you keep logging in within 10 days). What are the key things we should consider? I heard that it's 'really old technology' but does that mean we should stay clear? thanks!
2007-06-20 03:56:56 · 2 answers · asked by bigape 1 in Computers & Internet ➔ Security
There's no problem using cookies. It's a common misconception that they are a security risk. As long as you don't put a password or anything silly into one, they are fine.
You can easily set a time limit. There is a property you can set to expire a cookie on a certain day or after a time period you specify. You can't set them per user group. The server will send one out to each machine that connects to it, if it finds one it will do whatever you programmed it to do. If it doesn't, it writes a cookie into the browser.
You should consider that some people DO block cookies, so don't rely on them for anything important. Use session cookies instead if you need something that relies on session state.
2007-06-22 04:46:19 · answer #1 · answered by Chris H 2 · 0⤊ 0⤋
Personally, I wouldn't use cookies. Some people might like being able to visit the page without having to log in, but a majority of users will already have pop-up blockers and/or cookies deactivated. I allow cookies only every now and then, preferring to manually enter my login information every time.
If you state that the site is "cookie free", some users will actually like that feature because they know that you are concerned about their privacy and computer security.
2007-06-20 04:59:07 · answer #2 · answered by Mathsorcerer 7 · 0⤊ 0⤋