Do I need to expire a session cookie when sessions are handled server-side?


The only data in the cookie is the session ID. There is no expiration
timestamp set when creating it, a session is always evaluated
server-side to see if it has expired.When logging out, the session is
destroyed server-side. Is there any point then in expiring the cookie?

I am pretty new to web development. I am working with Flask,
Sqlalchemy and Postgresql.


As far as I have understood,
every new request is like a new thread of the program. New sqlalchemy
session is created using which we manage our db operations and return
a response. After that new thread is also closed and connections
returned to the pool.


I login a user and get all user data
in an user orm object. I stored it in flask session variable which
uses cookie. Now I also want to save some other user related data for
the span of whole user session not a request. I have doubts storing
all that data in a cookie for 2 reasons:


1. Unne
Programming Languages

I am implementing a system where session data is stored in the
cookie. This system doesn't require a memorystore or redis support
which makes it attractive. However, I am confused on which middleware
to add.


Should I add the default cookieSession() which
comes bundled with connect or the third party
connect-cookie-session.


Oh and I am running the latest
node version(0.8.16) and express version(3.0.0)

Development Tools & Services

I have a little web app, which uses a lot of ajax. After someone
logs in, what we need to keep persistent is their user_id and
group_id


The way I first did authentication, I just stored
these as clear txt in cookies ( $_COOKIE['user_id'],
$_COOKIE['group_id'] ). Obviously that was bad since you could modify
both values!


I'm not an experienced programmer and don't
need massively amazing security for this app. But that was pretty
bad.


So, I moved on to creating a token in the database,
which stores the user_id, group_id and a hash token and then putting
that token only in the cookie. The user_id and group_id are created as
sessions

Programming Languages

I am trying to use PHP session without using cookies. I have
enabled session.use_trans_sid and disabled session.use_cookies in my
php.ini file. I have also disabled cookies in my firefox browser. Now,
when I navigate between pages, I am unable to access the variable in
the session object set from a previous page. BTW, I am aware that
using session IDs as part of the URL is not a recommended
approach.


I have provided the sample code snippet below
for the two pages - page1.php and page2.php. Page1.php sets a variable
in the session object to true and page2.php checks this variable's
value and takes action accordingly.


Page1.php

/>
PHP
Are there such thing as server side cookie/session? /> 
Hey guys are there such thing as server side
cookie/session? For example when using cURL to login to a particular
site using 1 account detail. If yes, anyway to delete it manually via
SSH? Because sometimes this account detail will become invalid(due to
changed password etc) but when trying to access my script with new
acct login, he'll not work UNTIL like 3 hours later. No idea why
:/
Web Hosting
The only data in the cookie is the session ID. There is no expiration
timestamp set when creating it, a session is always evaluated
server-side to see if it has expired.When logging out, the session is
destroyed server-side. Is there any point then in expiring the cookie?
Information Security

- Technology - Languages
+ Webmasters
+ Development
+ Development Tools
+ Internet
+ Mobile Programming
+ Linux
+ Unix
+ Apple
+ Ubuntu
+ Mobile & Tablets
+ Databases
+ Android
+ Network & Servers
+ Operating Systems
+ Coding
+ Design Software
+ Web Development
+ Game Development
+ Access
+ Excel
+ Web Design
+ Web Hosting
+ Web Site Reviews
+ Domain Name
+ Information Security
+ Software
+ Computers
+ Electronics
+ Hardware
+ Windows
+ PHP
+ ASP/ASP.Net
+ C/C++/C#
+ VB/VB.Net
+ JAVA
+ Javascript
+ Programming
Privacy Policy - Copyrights Notice - Feedback - Report Violation 2018 © BigHow