开发者

Storing username in cookie to increase cacheability?

开发者 https://www.devze.com 2023-02-05 02:48 出处:网络
Using: PHP, Symfony 1.4, Doctrine, sfGuard I have a site where the majority of pages could be cached as full HTML pages.But there is the traditional \'user account toolbar\' that appears at the top r

Using: PHP, Symfony 1.4, Doctrine, sfGuard

I have a site where the majority of pages could be cached as full HTML pages. But there is the traditional 'user account toolbar' that appears at the top right of most sites (shows the logged in username, logout link etc.)

This obviously prevents the page from being fully cached as HTML so I plan on outputting the page as s开发者_Go百科tandard HTML and adding in the username etc. after page load, via Javascript.

When the user logs in, I will create an extra cookie storing just the username. Javascript can then check if the cookie exists and create the account toolbar. The username will only be used for display purposes. In order to actually log in the users will have to go through the normal login page, using their password etc.

I've searched for blog posts etc on this but not found much. Can anyone identify any security or other concerns with this?


As long as the user name is only used for display purposes you should be golden. Alternatly you could use an XHR to grab the username from PHP's $_SESSION.

My concerns are that you'd be using the user name to authenticate that user. Or using the user name as a key to access your cache, where by changing the user name would give an attacker access to another's cache.


You should never, ever store anything sensitive in a cookie. To me, that includes usernames.

0

精彩评论

暂无评论...
验证码 换一张
取 消