Hi Arnaud,
In Sample 30 MVC Server there is a Login / Logout mechanism using a session. In the SAD in 19.2.6 you state "Of course, you should never trust the cookie content". My question is: Is this authentication mechanism in the blog example considered to be secure (assuming the web app runs over https) or not, or to which extent? Are there scenarios where it's not secure?
Thanks
Martin
Last edited by martin.suer (2016-02-15 16:11:31)
If you use HTTPS, you may use cookies for authentication.
It would be enough for most simple use cases of simple web sites.
But of course, this is not perfect, and should not be trusted, since HTTPS security may be overridden by fake certificates...