
MySQL™ and JSP™ Web Applications: Data-Driven Programming Using Tomcat and MySQL by James Turner


Using Cookies to Store Login

Many sites now use a permanent cookie to allow the customer to access the site without needing to log in. This has its good and bad points. The good side is that it reduces the barrier to entry that could discourage a customer from using your site. The bad side is that it potentially allows a hacker to gain unauthorized access to a user's account by either faking the cookie or gaining access to the user's PC. There's not much that you can do about the latter, but you can prevent the former from happening by taking a few basic precautions:

  • Don't store just the username; store both the username and the password. That way, the hacker can't create the cookie by just knowing the username (in this case, the e-mail address) ...
