Question Asked By: David L. on Feb 01 In Java Category.

  
Question Answered By: Feodora Bonkob   on Feb 01

I believe you are correct that this will cause the cookies to go back to the
server - probably every time the user submits one of your pages. For those of
your users on asymmetric links, this will be a slower connection direction than
receiving data from the server too.

Worse though - much worse - is that you've got a security hole or two. Firstly,
anything verified at the client end can be spoofed at the client end relatively
easily. The validation is not secure at all. Secondly, what is in this 8k?
Presumably information about other users. Cookies are text items which can be
read on the client without much trouble.

Do your validation on the server.

Next question is why you would need to read 8k of data from a database to
validate a user. Have a look at your design and see if you can cut this down
(probably way down). But also remember that your server will get this
information on a fast disk path, so the overhead of 8k would not be too great
anyway.
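As an added illustration of the point made in the answer above (this is example code written for this page, not code posted by either participant), the following plain Java program contrasts the two designs: a check that reads the user's role straight out of the cookie text, which the client can rewrite, and a check that stores the user's record on the server and hands the browser only an opaque random session id. The class and method names, and the constructed cookie strings, are assumptions made for the illustration; a real application would set and read the cookie through its servlet or framework API.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example, not from the original thread. Names are illustrative.
public class CookieTrustDemo {

    // --- Weak pattern: the cookie itself carries the user's data -------------
    // A cookie such as "user=alice;role=admin" is plain text the browser holds,
    // so whatever this method decides is really the client's decision.
    static boolean isAdminWeak(String cookieValue) {
        for (String part : cookieValue.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("role") && kv[1].equals("admin")) {
                return true;
            }
        }
        return false;
    }

    // --- Hardened pattern: cookie holds only an opaque session id ------------
    // The server keeps the real record (this is where the 8k of data belongs);
    // the client can only present a token, and a 128-bit random token cannot
    // be guessed or constructed from other users' information.
    static final class Session {
        final String user;
        final String role;
        Session(String user, String role) { this.user = user; this.role = role; }
    }

    private final Map<String, Session> sessions = new HashMap<>();
    private final SecureRandom random = new SecureRandom();

    // Called once the server has authenticated the user (authentication itself
    // is outside this example). Returns the value to place in Set-Cookie.
    String login(String user, String role) {
        byte[] id = new byte[16];
        random.nextBytes(id);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(id);
        sessions.put(token, new Session(user, role));
        return token;
    }

    // Authorization decided from server-held state; the cookie is only a key.
    boolean isAdminServerSide(String sessionCookie) {
        Session s = sessions.get(sessionCookie);
        return s != null && "admin".equals(s.role);
    }

    public static void main(String[] args) {
        // Constructed cookie values standing in for what a browser would send.
        String genuine = "user=alice;role=user";
        String tampered = "user=alice;role=admin";   // edited in the client
        System.out.println("weak check, genuine cookie : " + isAdminWeak(genuine));
        System.out.println("weak check, tampered cookie: " + isAdminWeak(tampered));

        CookieTrustDemo server = new CookieTrustDemo();
        String aliceToken = server.login("alice", "user");
        System.out.println("server check, alice's token: " + server.isAdminServerSide(aliceToken));
        System.out.println("server check, made-up value: " + server.isAdminServerSide("role=admin"));
    }
}
```

Running it shows the weak check granting admin to the edited cookie, while the server-side check grants nothing to any value that `login` did not issue. The design choice is the one the answer recommends: the server keeps the data and performs the validation, and the only thing that travels back and forth is a short token, which also removes the 8k per-request upload cost.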
