[OWASP-GUIDE] Persistent Login Cookies

Charles Miller cmiller at pastiche.org
Sun Mar 7 15:30:16 EST 2004


A month or so ago, I wrote the following about persistent "remember me"  
login cookies:

http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice

I'm interested if anyone here has any comments, although comments of  
the form "Persistent login cookies are inherently unsafe and should not  
be used" will be met with mild grumblings about what life is like in  
the real world.

Currently it's available under a CC license, but I'm quite happy to  
relicense it under the GNU FDL for the purposes of donating material to  
the guide.

Charles Miller

-- 
Contributing to the heat death of the Universe since 1975
cmiller at pastiche.org         http://fishbowl.pastiche.org




