Allowing the user to log in once and stay logged on between sessions is a convenience offered by many websites. Typically the persistent login is managed via a cookie stored in the user's browser. This introduces a significant security risk. The cookie is just a text file coming from an untrusted source and could easily have been copied, tampered with, or otherwise spoofed. Because the cookie is being used in lieu of a normal username and password challenge, this opens a huge potential hole in your system, should somebody get a hold of a valid login cookie.
Your strategy for dealing with persistent logins and cookies needs to isolate the data sent over the cookie from other data in the system, and to mitigate the potential damage from a misused login cookie. As with most security features, the exact cost-benefit tradeoff depends on the specifics of your site, how valuable the data on the site is, and how much inconvenience your users will stand in the name of security.
3.8.1. Persistent Login Cookie Strategies
Here are some specific features that a persistent login system using cookies should have:
Never send real data. You should never send a user's actual username, let alone his actual password. I'd even avoid sending the hashed password. The value sent to the cookie should have no relationship to any other piece of user information in the system. Having that value should give a malicious user no leverage toward calculating other user data.
Just like ...
With Safari, you learn the way you learn best. Get unlimited access to videos, live online training,
learning paths, books, interactive tutorials, and more.