#1 2016-02-15 16:10:45

martin.suer
Member
Registered: 2013-12-15
Posts: 76

Sample 30 MVC Server - Login/Logout question

Hi Arnaud,

in Sample 30 MVC Server there is a Login / Logout mechanism using a session. In the SAD in 19.2.6 you state "
Of course, you should never trust the cookie content ". My question is: Is this authentication mechanism in the blog example considered to be secure (assuming the web app runs over https) or not or to which extent? Are there scenarios where it's not secure?

Thanks
Martin

Last edited by martin.suer (2016-02-15 16:11:31)

Offline

#2 2016-02-15 19:07:42

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,660
Website

Re: Sample 30 MVC Server - Login/Logout question

If you use HTTPS, you may use cookies for authentication.
It would be enough for most simple use cases of simple web sites.
But of course, this is not perfect, and should not be trusted, since HTTPS security may be overridden by fake certificates...

Offline

Board footer

Powered by FluxBB