On Mon, Oct 19, 2009 at 5:02 PM, harryh <har...@gmail.com> wrote:

>
> > Is it more dangerous to store the user's uniqueId in a cookie than to store
> > another uniqueId that's associated with the user's uniqueId?
>

An opaque identifier that can be revoked and is not exposed outside of a
given user's session is a lot more secure than a global identifier that
cannot be revoked or replaced.  For example, it would be possible to cycle
the long term session identifier each time it was accessed.  That cannot be
done with some sort of uniqueId that's associated with the user.  Plus a
browser-by-browser identifier is something that can be changed/deleted
without impacting the other browsers.


>
> It is if your site has URLs like http://harryh.org/user/[uid]
>
> -harryh
> >
>


-- 
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics
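
The scheme described in the message above, as an added, framework-neutral sketch that is not part of the original post and is not Lift code: each browser gets its own opaque token, the token is cycled every time it is redeemed, and one browser's token can be revoked without touching the others. The class and method names are hypothetical, and storing only a SHA-256 digest server-side and the `revoke_all` helper go beyond what the message states.

```python
import hashlib
import secrets


class RememberMeStore:
    """Server-side table of opaque per-browser tokens (hypothetical design)."""

    def __init__(self):
        # sha256(token) -> user id. The raw token lives only in the browser
        # cookie, so a leaked copy of this table cannot be replayed as cookies.
        self._by_digest = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id):
        """Create a fresh token for one browser and return the cookie value."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._by_digest[self._digest(token)] = user_id
        return token

    def redeem(self, token):
        """Validate a presented cookie and cycle it.

        Returns (user_id, replacement_token), or None when the token is
        unknown, already redeemed, or revoked.
        """
        user_id = self._by_digest.pop(self._digest(token), None)
        if user_id is None:
            return None
        # The old value is gone; the caller must set the replacement cookie.
        return user_id, self.issue(user_id)

    def revoke(self, token):
        """Drop one browser's token; the user's other browsers keep theirs."""
        return self._by_digest.pop(self._digest(token), None) is not None

    def revoke_all(self, user_id):
        """Drop every token for a user, e.g. after a password change."""
        stale = [d for d, u in self._by_digest.items() if u == user_id]
        for d in stale:
            del self._by_digest[d]
        return len(stale)
```

Because the cookie value carries no user identifier, it reveals nothing that also appears in URLs such as the `/user/[uid]` pattern mentioned in the quoted reply.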
