Is there any way that a website can read a cookie in a way that the cookie is locked to that particular computer and that it wasn’t somehow copied to another computer?
Assuming you don’t trust the end point — no.
If you don’t trust the user, then you can’t be sure.
If you don’t trust the computer (e.g. it might have malware installed), then you can’t be sure.
If you don’t trust the connection (i.e. it isn’t secured with SSL), then you can’t be sure.
You be sure by linking the cookie to an IP address, since:
You could include a bunch of data gathered from the browser (e.g. the user agent string) as a hashed value in the cookie, but that would break if something changed the data you were checking against or the cookie was copied to another machine with identical data (while user agent strings can vary a lot, two computers can be configured identically, and there are plenty of circumstances where they are likely to be (e.g. in a company with a standard desktop install that includes standard versions of browsers and plugins)).
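The fingerprint-in-cookie idea from the answer above, as an added example that is not part of the original answer. It shows both failure modes the answer names: a legitimate browser update invalidates the cookie, while a copy to an identically configured machine is still accepted. The header set, the names and the use of a keyed HMAC instead of a bare hash are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret kept server-side


def fingerprint(headers: dict) -> bytes:
    """Digest of the browser-supplied attributes the cookie is bound to."""
    parts = [headers.get(name, "") for name in ("User-Agent", "Accept-Language")]
    return hashlib.sha256("\x1f".join(parts).encode()).digest()


def _tag(session_id: str, headers: dict) -> str:
    """HMAC over the session id and the fingerprint of the given request."""
    msg = session_id.encode() + b"\x1f" + fingerprint(headers)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, headers: dict) -> str:
    """Return 'session_id.tag' bound to the issuing request's fingerprint."""
    return f"{session_id}.{_tag(session_id, headers)}"


def verify_cookie(cookie: str, headers: dict) -> bool:
    """True if the cookie's tag matches the fingerprint of the presenting request."""
    session_id, _, tag = cookie.rpartition(".")
    return hmac.compare_digest(tag.encode(), _tag(session_id, headers).encode())


# Constructed sample requests (not real traffic).
DESKTOP_A = {"User-Agent": "ExampleBrowser/1.0 (StandardImage)", "Accept-Language": "en-GB"}
DESKTOP_B = dict(DESKTOP_A)  # second machine built from the same standard install
DESKTOP_A_UPGRADED = {**DESKTOP_A, "User-Agent": "ExampleBrowser/1.1 (StandardImage)"}


def demo() -> dict:
    """Check one issued cookie against the three situations the answer describes."""
    cookie = issue_cookie("s-1234", DESKTOP_A)
    return {
        "same_machine": verify_cookie(cookie, DESKTOP_A),
        "after_browser_update": verify_cookie(cookie, DESKTOP_A_UPGRADED),
        "copied_to_identical_machine": verify_cookie(cookie, DESKTOP_B),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The HMAC only stops the client from forging or editing the tag; it does nothing to tell two machines apart when they send the same header values.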