Do I need to expire a session cookie when sessions are handled server-side?



The only data in the cookie is the session ID. There is no expiration timestamp set when creating it, a session is always evaluated server-side to see if it has expired.When logging out, the session is destroyed server-side. Is there any point then in expiring the cookie?

Related to : Do I need to expire a session cookie when sessions are handled server-side?
Doubts regarding Server side session using caching or cookie based sessions
Information Security

I am pretty new to web development. I am working with Flask, Sqlalchemy and Postgresql.


As far as I have understood, every new request is like a new thread of the program. New sqlalchemy session is created using which we manage our db operations and return a response. After that new thread is also closed and connections returned to the pool.


I login a user and get all user data in an user orm object. I stored it in flask session variable which uses cookie. Now I also want to save some other user related data for the span of whole user session not a request. I have doubts storing all that data in a cookie for 2 reasons:


1. Unne
Express difference between cookie-Sessions and connect-cookie-session
Information Security

I am implementing a system where session data is stored in the cookie. This system doesn't require a memorystore or redis support which makes it attractive. However, I am confused on which middleware to add.


Should I add the default cookieSession() which comes bundled with connect or the third party connect-cookie-session.


Oh and I am running the latest node version(0.8.16) and express version(3.0.0)


Cookie + db token + session authentication, can i do away with the sessions
Information Security

I have a little web app, which uses a lot of ajax. After someone logs in, what we need to keep persistent is their user_id and group_id


The way I first did authentication, I just stored these as clear txt in cookies ( $_COOKIE['user_id'], $_COOKIE['group_id'] ). Obviously that was bad since you could modify both values!


I'm not an experienced programmer and don't need massively amazing security for this app. But that was pretty bad.


So, I moved on to creating a token in the database, which stores the user_id, group_id and a hash token and then putting that token only in the cookie. The user_id and group_id are created as sessions

Unable to access session variable on cookie less PHP sessions
Information Security

I am trying to use PHP session without using cookies. I have enabled session.use_trans_sid and disabled session.use_cookies in my php.ini file. I have also disabled cookies in my firefox browser. Now, when I navigate between pages, I am unable to access the variable in the session object set from a previous page. BTW, I am aware that using session IDs as part of the URL is not a recommended approach.


I have provided the sample code snippet below for the two pages - page1.php and page2.php. Page1.php sets a variable in the session object to true and page2.php checks this variable's value and takes action accordingly.


Page1.php



Are there such thing as server side cookie/session?
Information Security
Are there such thing as server side cookie/session?
 
Hey guys are there such thing as server side cookie/session? For example when using cURL to login to a particular site using 1 account detail. If yes, anyway to delete it manually via SSH? Because sometimes this account detail will become invalid(due to changed password etc) but when trying to access my script with new acct login, he'll not work UNTIL like 3 hours later. No idea why :/

Do I need to expire a session cookie when sessions are handled server-side?
Information Security
The only data in the cookie is the session ID. There is no expiration timestamp set when creating it, a session is always evaluated server-side to see if it has expired.When logging out, the session is destroyed server-side. Is there any point then in expiring the cookie?

HD Wallpapers
3D
3D Abstract
City
Celebrities
Indian Celebrities
Cars
Travel
Girls
Animals Birds
Movies
Sports
Black White
Nature
Planes
Anime
Food Drink
Dreamy Fantasy
Architecture
Games
Space
Holidays
Flowers
Love
Artistic
Baby
Beach
Bikes Motorcycles
Macro
Computers
Vector
Funny
Army
Textures
Brands
Misc
Music
Other
Privacy Policy - Copyrights Notice - Feedback - Report Violation - RSS 2017 © bighow.org All Rights Reserved .