Winn

Developing online applications is a way of life for a lot of programmers! It’s a great feeling working your but off day in and day out, night in and night out, sometimes all night and sometimes with no brakes! Then launch day comes and you are so happy any cant wait for people to start using your application! You launch your application without a hitch, all goes well!

Keeping that application secure is important, so when do you start worrying about security? I say right away, start building your application with maximum security. Keep track of what cookies you are setting as they can be in danger from a JavaScript injection.

So if your application has to use cookies how should you authenticate the user? I find writing a session id to the database and to a cookie along with a username or email, this process becomes very easy and secure. So how does this work?

Start with a login or registration, and then start the session. Pull the session id into a variable the send it to the database. After that write the session id to a cookie.

[php]
session_start();
$sid = session_id();

// your SQL insert or update “UPDATE accounts SET sid=’$sid’ WHERE id=1″

setcookie(‘appname_session’, $sid, time()+3600);
[/php]

After setting the session id cookie we need to set the username or email cookie!

[php]
setcookie(‘appname_user’, $username, time()+3600);
[/php]

Now you are able to authenticate the user inside your application securely.

[php]
// Select the user now
find_by_username_and_sid(cookie(“appname_user”),cookie(“appname_session”));
[/php]

This is in PHP but the same idea applies in all languages.