 

Why store sessions on the server instead of inside a cookie?

I have been using Flask for some time now and I am really enjoying the framework. One thing that I fail to understand is that in almost all other places they talk about storing the session on the server and the session id on the client, which would then identify the session. However, after using Flask, I don't feel the need to do so. Saving the session as a cookie on the client cryptographically serves my purpose and seems quite secure too. The only thing being I am unable to encrypt the session keys, e.g.:

session['life'] = 'the great one'

would appear as

life='gfhjfkjdfa some encryption kj'

in the cookie saved on the client. But how would that matter as it is still encrypted. I am sure that people here know things much better than I do, so request someone to please clarify :-)

asked Oct 16 '10 12:10 by Rasmus



1 Answer

Even if your data is encrypted, the user could still roll back their cookie to a previous state (unless you start encoding one-time IDs etc.).

e.g. cookie says the user has 100 credits, user spends 100 credits, they get a new cookie saying they have 0 credits. They could then restore their previous cookie (with 100 credits).

Depending on how you encrypt the cookie, the user may also be able to delete keys, insert bogus data, etc.

answered Sep 22 '22 05:09 by Nick
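The rollback described in the answer, as an added example (not code from the question, the answer, or Flask itself): a minimal HMAC-signed session cookie built from the standard library. It shows that the signature stops tampering and bogus keys but does nothing against replaying an older, still validly signed cookie, and that keeping a per-user version counter on the server (the hypothetical `_latest_version` store, a stand-in for any server-side state) is what closes that gap. The secret key and the credit values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: a fixed demo key, not a real deployment key


def sign(data: dict) -> str:
    """Serialize a session dict and append an HMAC, as a client-side session cookie does."""
    payload = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify(cookie: str):
    """Return the session dict if the MAC is valid, else None (tampered or forged)."""
    payload, _, mac = cookie.rpartition(".")
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


# Server-side state (hypothetical store): the latest session version issued per user.
_latest_version = {}


def issue(user: str, credits: int) -> str:
    """Issue a new cookie and record its version so older cookies become stale."""
    version = _latest_version.get(user, 0) + 1
    _latest_version[user] = version
    return sign({"user": user, "credits": credits, "v": version})


def load(cookie: str):
    """Accept a cookie only if it is validly signed AND is the latest version for that user."""
    data = verify(cookie)
    if data is None or data["v"] != _latest_version.get(data["user"]):
        return None  # forged, tampered, or a replayed older cookie
    return data


def demo() -> dict:
    old = issue("alice", 100)  # user had 100 credits
    new = issue("alice", 0)    # user spent them; server issues a fresh cookie
    tampered = old[:-1] + ("0" if old[-1] != "0" else "1")  # flip one MAC character
    return {
        "tampered_rejected": verify(tampered) is None,
        "rollback_accepted_without_server_state": verify(old)["credits"] == 100,
        "rollback_rejected_with_version": load(old) is None,
        "current_accepted": load(new)["credits"] == 0,
    }
```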