Today I have a need to design a persistent login system. I have followed this blog: http://www.bennadel.com/blog/1213-creating-a-remember-me-login-system-in-coldfusion.htm

Basically, as per this blog, the whole system involves 3 steps:

1. If a user checks "Remember Me" while logging in, an encrypted form of the userid is stored in the cookie.
2. When the user comes back to the site after 1/2 days, once the session has expired, the cookies are checked. If the userid cookie is found, it is decrypted and stored in the SESSION to force login.
3. Now in the `onRequest()` method, `SESSION.userid` is checked to determine the login status.

Up to this point everything looks good.

But what I did is, I copied the cookie from Firefox and created it in Chrome. And now I am able to successfully log in as that user in Chrome. Isn't this a big security issue?

Could anyone please suggest what we should do to prevent this?
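For reference, here is an added example (my own code, not from the question or the linked blog) of the usual mitigation for exactly this replay: instead of a self-contained encrypted userid, the cookie carries a random series id plus a one-time token that the server stores hashed and rotates on every use, so a copied cookie stops working after the legitimate browser next uses it, and a replay with a stale token is detected and revokes the series. The in-memory `STORE` and the user id `"alice"` are constructed for the demo; a real deployment keeps the table in a database and sets the cookie `HttpOnly` and `Secure`.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory table: series_id -> (user_id, sha256 hex of the current token).
# Only the hash is stored, so a leaked table does not yield usable cookies.
STORE = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_cookie(user_id):
    """Start a remember-me series for this browser; return the cookie value to set."""
    series = secrets.token_urlsafe(16)   # stable per browser/device
    token = secrets.token_urlsafe(32)    # single-use, replaced on every visit
    STORE[series] = (user_id, _digest(token))
    return f"{series}:{token}"


def check_cookie(cookie):
    """Validate a presented cookie.

    Returns (status, user_id, new_cookie) where status is one of
    'ok'      - log the user in and set new_cookie in the response
    'invalid' - unknown or malformed cookie, treat as anonymous
    'theft'   - known series but stale token: a copy is being replayed,
                so the whole series is revoked and the user should re-authenticate
    """
    if ":" not in cookie:
        return ("invalid", None, None)
    series, token = cookie.split(":", 1)
    entry = STORE.get(series)
    if entry is None:
        return ("invalid", None, None)
    user_id, stored_hash = entry
    if not hmac.compare_digest(_digest(token), stored_hash):
        # Same series, different token: someone holds an older copy of this cookie.
        del STORE[series]
        return ("theft", user_id, None)
    # Rotate the token so the value the client just sent can never be reused.
    new_token = secrets.token_urlsafe(32)
    STORE[series] = (user_id, _digest(new_token))
    return ("ok", user_id, f"{series}:{new_token}")


if __name__ == "__main__":
    original = issue_cookie("alice")          # set in Firefox at login
    copied = original                         # the value pasted into Chrome
    print(check_cookie(original)[0])          # Firefox returns first -> 'ok', token rotated
    print(check_cookie(copied)[0])            # Chrome replays the old copy -> 'theft', series revoked
```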