OK, I see what you mean. If someone edits their browser's cookie file they could put whatever username they want in there.
That's true, but that's a general problem with my site then, because I use cookies for user authentication. GMail is the least of my worries.
Using a session id cookie might be a good idea. I'll have to take a look at that. But that would mean that I'd have to implicitly log each user into GMail at the same time they logged into my site.
I wonder if using encrypted cookies would make it any more difficult for someone to add a "fake" cookie to their cookies file?
cheers,
Michael Coyne
seaturtle.org
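
On the question above about a "fake" cookie added to the cookies file: an added example (not part of the original post, and not seaturtle.org's code) of a server signing the username cookie with an HMAC so that an edited value is rejected. The key, the `username|expiry|mac` layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Assumption: a secret that exists only on the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _mac(payload: str, key: bytes) -> bytes:
    """Hex HMAC-SHA256 of the payload, as bytes for constant-time comparison."""
    return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest().encode()


def issue_cookie(username: str, key: bytes = SERVER_KEY, ttl: int = 3600, now=None) -> str:
    """Return 'username|expiry|mac'; the MAC covers both username and expiry."""
    if "|" in username:
        raise ValueError("username must not contain the field separator")
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{username}|{expiry}"
    return f"{payload}|{_mac(payload, key).decode()}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY, now=None):
    """Return the username if the cookie is authentic and unexpired, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None  # a bare username, or any other layout, is rejected
    username, expiry, mac = parts
    expected = _mac(f"{username}|{expiry}", key)
    # Check the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(mac.encode("utf-8"), expected):
        return None
    if int(expiry) < (time.time() if now is None else now):
        return None
    return username


if __name__ == "__main__":
    good = issue_cookie("alice", now=1_000)
    edited = good.replace("alice", "admin", 1)  # value changed in the cookie file
    print(verify_cookie(good, now=1_500))
    print(verify_cookie(edited, now=1_500))
```

A signature like this stops a user from inventing or altering the value, but a copied cookie remains valid until it expires, which is where a server-side session id that can be revoked differs.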