- From: Keld Jørn Simonsen <keld@dkuug.dk>
- Date: Tue, 23 Sep 1997 23:20:40 +0200
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I have a novice question on the use of cookies as a security facility. I have not followed the discussion thoroughly, so maybe this information is already available somewhere. Then please excuse me and point me to the proper docs.

I maintain a number of web pages with some restricted information, but the security need not be very tight. We expect that some users give their information to colleagues, and in most cases the userids and passwords are the same for whole groups. People tend to forget their passwords, and also being nagged for the access information is irritating.

So I wondered if I could use cookies as authorization. That is, the first time restricted information is accessed, the user needs to give the proper userid/password, but later on, if the proper cookie is given, this is satisfactory, and the access is granted. From time to time, say with an interval of some months, the users need to give the userid/passwd again - which then may have been changed to prevent old users, not allowed anymore, to access the information.

Is this a recommended practice in some cases, and can this be done with current technology, and how?

Keld Simonsen
Received on Tuesday, 23 September 1997 14:27:34 UTC
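
The scheme described in the message above, sketched as an added example that is not part of the original post: after a successful userid/password check the server issues a cookie carrying the group, a password version and an expiry time, protected by an HMAC so the client cannot alter it. The secret, the 90-day lifetime, the group name and the function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key-replace-me"  # assumption: server-side secret, never sent to clients
LIFETIME = 90 * 24 * 3600                     # assumption: "some months" taken as 90 days

# Assumption: one shared login per group; bump the version whenever its password changes.
# Group names must not contain "." because it is used as the field separator.
CRED_VERSION = {"projectA": 3}


def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(group, now=None):
    """Build the cookie value. Call only after the userid/password check succeeded."""
    now = int(time.time() if now is None else now)
    payload = f"{group}.{CRED_VERSION[group]}.{now + LIFETIME}"
    return f"{payload}.{_mac(payload)}"


def check_cookie(value, now=None):
    """Return the group name if the cookie is valid, else None (prompt for the password)."""
    now = int(time.time() if now is None else now)
    try:
        payload, mac = value.rsplit(".", 1)
        group, version, expiry = payload.split(".")
        version, expiry = int(version), int(expiry)
    except ValueError:
        return None                                   # malformed value
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return None                                   # forged or altered
    if now >= expiry:
        return None                                   # too old: ask for the password again
    if CRED_VERSION.get(group) != version:
        return None                                   # password changed since the cookie was issued
    return group
```

Anyone who obtains the cookie value can use it until it expires or the group's version is bumped, so this fits only the loose security requirement the post describes.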