Can cookies be faked?

Posted:
in Genius Bar edited January 2014
The question is just that: is it possible to fake cookies? I ask because I'm working on a site that relies on cookies. People who haven't logged in shouldn't be able to access some sections. I've constructed a nice PHP engine that lets people log in and sets a cookie with an expiration time of four hours if the login was successful. The content of the cookie is a Unix timestamp of now. I'm wondering if it is possible for people to fake a cookie in their own/someone else's browser to make it look like the cookie was issued by my script. No really important information is dealt with, but still...

Comments

  • Reply 1 of 2
    thuh freak Posts: 2,664 member
    yes, it is technically possible, since a cookie is just a file (or part of a long file) on the user's computer. it's unlikely that another site will be able to edit/use/create your cookie, since cookies are usually identified by site name and cookie name. some browsers, instead of saving the cookies to a file (or many files), may keep them in RAM, which would make it a lot harder to fake. if a user really wants to, it is possible for them to create a file, the contents and placement of which depend on what browser they use, and essentially pretend like a site gave them that cookie. i don't think anyone really does that though. but, as a precaution, some sites encrypt the cookie(s), mainly so users can't read them, but it also makes it harder for people to fake them.
  • Reply 2 of 2
    Quote:

    Originally posted by der Kopf

    The question is just that: is it possible to fake cookies?



    sure, just make them out of clay or playdough. i think they even have some already made up for you in some of those toy bake sets. mmmm plastic cookies.
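
The precaution mentioned in Reply 1, applied to the timestamp cookie from the original question, as an added example that is not part of the thread. It uses an HMAC signature rather than encryption, so the server can tell whether it produced the value; the function names, the `COOKIE_HMAC_KEY` variable and the demo key are hypothetical.

```php
<?php
// Added example, not code from the thread: a signed login-timestamp cookie.
// All names and the key below are hypothetical.

const MAX_AGE = 4 * 3600; // four hours, as in the question

// Assumption: a random secret kept on the server and never sent to the client.
$secret = getenv('COOKIE_HMAC_KEY') ?: 'constructed-demo-key-do-not-deploy';

// Build the cookie value: "<timestamp>.<hex HMAC of timestamp>".
function issue_cookie_value(int $now, string $secret): string
{
    $mac = hash_hmac('sha256', (string) $now, $secret);
    return $now . '.' . $mac;
}

// Accept the value only if the signature matches and it is under four hours old.
function verify_cookie_value(string $value, int $now, string $secret): bool
{
    $parts = explode('.', $value, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                    // malformed, or no signature at all
    }
    [$ts, $mac] = $parts;
    $expected = hash_hmac('sha256', $ts, $secret);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return false;                    // not produced with the server's key
    }
    $age = $now - (int) $ts;
    return $age >= 0 && $age <= MAX_AGE; // expiry is checked server-side too
}

// Constructed demo values.
$now    = 1700000000;
$cookie = issue_cookie_value($now, $secret);

// Genuine cookie, one minute old.
var_dump(verify_cookie_value($cookie, $now + 60, $secret));
// Bare timestamp written by hand, as in the original scheme.
var_dump(verify_cookie_value((string) $now, $now + 60, $secret));
// Timestamp edited, old signature reused.
var_dump(verify_cookie_value(($now + 9999) . substr($cookie, 10), $now + 60, $secret));
// Genuine cookie presented after the four-hour window.
var_dump(verify_cookie_value($cookie, $now + MAX_AGE + 1, $secret));
```

A signed timestamp is the same for every visitor, so anyone who copies a valid cookie can reuse it until it expires. Binding the signed value to a user identifier, or keeping login state in a server-side session, closes that gap.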


