06-10-2010, 04:04 PM
[quote name='Alexander (former netrex)' date='09 June 2010 - 10:20 PM' timestamp='1276114812' post='401']
Why are you destroying cookies?
[/quote]
Well, a general security rule is: "What you don't have (and store) cannot be stolen (that easy)".
A good website keeps membersettings in its own DB and sets up a cookie just for
the actual session ... eventually filled with data from its own DB. Yes, it means more work
for the website (since it cannot offload this stuf to the users side in that case) ... but it is
simply more secure.
Why are you destroying cookies?
[/quote]
Well, a general security rule is: "What you don't have (and store) cannot be stolen (that easy)".
A good website keeps membersettings in its own DB and sets up a cookie just for
the actual session ... eventually filled with data from its own DB. Yes, it means more work
for the website (since it cannot offload this stuf to the users side in that case) ... but it is
simply more secure.