Hacker News
by chris_wot 4991 days ago
That's not how secure session management works.

It's plenty secure in the sense that you can't forge a session. It's not secure in the sense that the data is inaccessible if you know how to base64 decode a cookie.

If you're using cookie sessions, you should know better than to store sensitive information in the session.

In other words, because they are holding sensitive information in their cookies encoded only via base64, it's not secure. In other words, what I said.
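
The distinction argued in this thread, as an added example that is not part of any comment here or of any framework's own code: a signed cookie session resists forgery, yet its contents are readable by anyone who holds the cookie. The cookie layout (base64 JSON, a `.`, then an HMAC-SHA256 hex tag), the key and the session fields are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed; stays on the server, never sent to the client

def _tag(payload_b64: bytes) -> str:
    return hmac.new(SECRET, payload_b64, hashlib.sha256).hexdigest()

def issue_cookie(session: dict) -> str:
    """Serialize, base64-encode and sign the session. Nothing is encrypted."""
    payload = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    return payload.decode() + "." + _tag(payload)

def load_cookie(cookie: str):
    """Server side: return the session only if the tag verifies, else None."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep or not hmac.compare_digest(_tag(payload.encode()).encode(), tag.encode()):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None

def read_without_key(cookie: str) -> dict:
    """Anyone holding the cookie can decode the payload; no key is involved."""
    return json.loads(base64.urlsafe_b64decode(cookie.rpartition(".")[0]))

def tamper(cookie: str, **changes) -> str:
    """Change the payload but reuse the old tag, as a client without the key must."""
    payload, _, tag = cookie.rpartition(".")
    session = json.loads(base64.urlsafe_b64decode(payload))
    session.update(changes)
    forged = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    return forged.decode() + "." + tag

if __name__ == "__main__":
    # Constructed session holding a value that should not be client-readable.
    cookie = issue_cookie({"user_id": 42, "card_last4": "4242"})
    print("server accepts original:", load_cookie(cookie))
    print("readable without key:   ", read_without_key(cookie))
    print("server accepts tampered:", load_cookie(tamper(cookie, user_id=1)))
```

The tag gives integrity only; keeping a value confidential means storing it server-side and putting only an opaque session identifier in the cookie, or encrypting the payload as well as authenticating it.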