Creating a good login logic
We can inject/create a new cookie via the browser developer tools. When we set a
cookie in PHP:
    setcookie('isLoggedin', 'yes', time()+3600);
then via developer tools, we can just manually create a cookie with the name
isLoggedin and the value yes.
So, how to do good login logic? I think everything will be the same even
on HTML5 localStorage if I don't know the logic. Currently, my way is by
storing the encrypted password in a cookie/localStorage, then verifying it with
the server on every page reload, but I'm sure this is also bad practice.
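
An added example, not part of the original post: the forgeable isLoggedin check from the question next to a server-side session, where the cookie carries only a random session ID and the login state stays on the server. The $users array, the sample credentials, the function names and the HTTPS-only cookie setting are assumptions made for the illustration.

```php
<?php
// Added example. $users is a constructed in-memory stand-in for a real user table.
$users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];

// Forgeable check from the post: the browser supplies the value, so anyone
// can create isLoggedin=yes in developer tools and pass it.
function isLoggedInWeak(array $cookies): bool {
    return ($cookies['isLoggedin'] ?? '') === 'yes';
}

// Server-side session: the cookie holds only an unguessable session ID.
function startSecureSession(): void {
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function logIn(array $users, string $name, string $password): bool {
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID after login (session fixation)
    $_SESSION['user']    = $name;         // stored on the server, not in the cookie
    $_SESSION['expires'] = time() + 3600; // server-enforced lifetime
    return true;
}

function currentUser(): ?string {
    if (!isset($_SESSION['user'], $_SESSION['expires'])
        || $_SESSION['expires'] < time()) {
        return null;                      // unknown or expired session
    }
    return $_SESSION['user'];
}

startSecureSession();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    logIn($users, $_POST['name'] ?? '', $_POST['password'] ?? '');
}
$user = currentUser();
echo $user === null ? "Not logged in\n" : 'Hello, ' . htmlspecialchars($user) . "\n";
```

Editing the session cookie in developer tools only changes the ID, which then matches no session on the server, so currentUser() returns null.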