>victor Thanks for the reply. Didn't realise it was as simple as that and also not really using my brain this morning...we've already got a neat facility in ColdFusion for doing this...I guess just set a persistent cookie, look for it next logon and then retrieve password from database and fill hidden field.
Msg#: 7878 posted 11:06 am on May 13, 2004 (gmt 0)
Thanks for the advice. The ColdFusion system seems to be set up so that the cookie is just an identifier for the browser, the IDs are stored on the server and matched to the browser before any information comes out of the database.
I *think* what starec means is that the persistent cookie will be around, and not very secure, on the user's PC for possibly years.
If I can get hold of someone's cookie and copy it to my machine, I can access your site, and you think I'm them.
This is true too of session cookies, but they are around for not very long so the risk is reduced (unless you always serve the same cookie to the same userid, in which case they are as insecure as persistent cookies).
I see what you mean. Actually should be alright as it doesn't need watertight security - it's mainly for convenience for visitors editing 'stories', but don't want any embarrassing PR, so will double check everything.
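Added example, not part of any post in this thread: a sketch of the "cookie is only an identifier, matched on the server" design discussed above, with the cookie value expiring and being replaced on every use so that a copied cookie does not stay valid for years. It is written in Python rather than ColdFusion, and the class and method names are hypothetical; an in-memory dict stands in for the database table.

```python
import hashlib
import secrets
import time


class RememberMeStore:
    """Server-side table of remember-me tokens (dict stands in for a DB table)."""

    def __init__(self, lifetime_seconds=14 * 24 * 3600):
        self.lifetime = lifetime_seconds
        self.rows = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table cannot be replayed as cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self.rows[self._digest(token)] = (user_id, now + self.lifetime)
        return token  # the value to set in the persistent cookie

    def redeem(self, token, now=None):
        """Return (user_id, replacement_token), or (None, None) if not valid."""
        now = time.time() if now is None else now
        row = self.rows.pop(self._digest(token), None)  # each token works once
        if row is None:
            return None, None
        user_id, expires_at = row
        if now >= expires_at:
            return None, None
        # Rotate: the same cookie is never served to the same user twice.
        return user_id, self.issue(user_id, now)

    def revoke_all(self, user_id):
        # Call on logout or password change to kill every outstanding cookie.
        for key in [k for k, (uid, _) in self.rows.items() if uid == user_id]:
            del self.rows[key]
```

The cookie itself should also be sent with the `Secure` and `HttpOnly` attributes so it is harder to read off the wire or from script.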