Richard Coltrane
Hi there,
I have a site that uses encrypted JavaScript cookies to hold session data,
particularly user site role data. Although this data is encrypted, I've just
realised that if I copy the encrypted role data from one cookie and paste it
into another cookie I can make requests to the site using elevated
privileges.
So I'm wondering how everyone else gets around this when using cookie-based
sessions (I run on shared hosting; server sessions are not an option). The
way I see it I'm really vulnerable, because the user is only authenticated
once at login and from there site and role data (which is passed in from the
cookie) is simply "believed" and used to provide site access.
How do you guys and girls do it?? Given I can copy and paste the site role
string and reuse it, I don't see the point in encrypting it in the first
place. All someone needs to do is sniff the cookie of a higher-privileged
user and then use the encrypted site role info in their own cookie....they
don't need to decrypt/crack anything.
Thanks
Richard

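The problem described in the post is that encryption protects confidentiality, not integrity or binding: an encrypted role value is still a valid encrypted role value when it is moved into somebody else's cookie. The usual fix for stateless, cookie-only sessions is to put the user identity, the role and an expiry into one payload and authenticate the whole thing with an HMAC under a server-side secret, so a role cannot be detached from the identity it was issued for. The following is an added example written for this page, not the poster's code; the field names (`uid`, `role`, `exp`), the demo secret and the cookie format `payload.tag` are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side secret for the demonstration only; a real deployment
# loads it from configuration and never ships it to the browser.
SECRET_KEY = b"demo-secret-key-change-me"


def _b64encode(raw: bytes) -> str:
    """URL-safe base64 without padding, so the value is safe inside a cookie."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64decode(text: str) -> bytes:
    """Inverse of _b64encode; restores the padding base64 needs."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_cookie(key: bytes, user_id: str, role: str, ttl_seconds: int,
                 now: Optional[float] = None) -> str:
    """Issue a cookie whose identity, role and expiry are covered by one HMAC."""
    now = time.time() if now is None else now
    claims = {"uid": user_id, "role": role, "exp": int(now) + ttl_seconds}
    # Canonical JSON so the same claims always serialise to the same bytes.
    payload = _b64encode(json.dumps(claims, sort_keys=True,
                                    separators=(",", ":")).encode("utf-8"))
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return f"{payload}.{_b64encode(tag)}"


def verify_cookie(key: bytes, cookie: str,
                  now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the tag is valid and the cookie is unexpired, else None.

    The tag is checked before the payload is parsed, so untrusted bytes are
    never interpreted as claims.
    """
    now = time.time() if now is None else now
    try:
        payload, tag_b64 = cookie.split(".", 1)
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, _b64decode(tag_b64)):
            return None
        claims = json.loads(_b64decode(payload))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


def splice_role(cookie: str, new_role: str) -> str:
    """Reproduce the copy-and-paste from the post: swap the role field in the
    payload while keeping the original tag. Used here only to show that the
    verifier rejects the result."""
    payload, tag_b64 = cookie.split(".", 1)
    claims = json.loads(_b64decode(payload))
    claims["role"] = new_role
    tampered = _b64encode(json.dumps(claims, sort_keys=True,
                                     separators=(",", ":")).encode("utf-8"))
    return f"{tampered}.{tag_b64}"


if __name__ == "__main__":
    issued_at = 1_000_000
    user_cookie = build_cookie(SECRET_KEY, "bob", "user", 3600, now=issued_at)
    print("valid:   ", verify_cookie(SECRET_KEY, user_cookie, now=issued_at + 60))
    print("spliced: ", verify_cookie(SECRET_KEY, splice_role(user_cookie, "admin"),
                                     now=issued_at + 60))
    print("expired: ", verify_cookie(SECRET_KEY, user_cookie, now=issued_at + 7200))
```

Two caveats follow directly from the post. First, the MAC stops an attacker from moving a role into a different identity, but a cookie copied whole still verifies, because it is a genuine cookie; that is the "sniff the cookie" case, and the defence there is TLS plus the `Secure` and `HttpOnly` cookie attributes and a short `exp`. Second, the client never needs to read the role, so there is no reason to expose the secret or the verification logic to JavaScript: the server issues and checks the cookie, and the browser only carries it.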