How to generate a more unique cookie
Running IntraWeb 14.2.8 with Delphi 10.1.

We have the requirement to destroy the original cookie that was generated prior to authentication, and generate a new cookie after authentication. The generated post-authentication cookie is different; however, the difference is negligible: only the last character is changed (for example from ‘3’ to ‘8’). Each new cookie should be randomly generated so that values cannot be predicted.

In ServerController, CookieOptions are HttpOnly(true), SessionCookies(true) and UseCookies(true).

Is there a way in IntraWeb 14.2.8 to adjust the method used, to generate a more secure/unique cookie after authentication?

Thank you.
This should be asked in the IntraWeb forum instead.

The cookie generated by IntraWeb is for session control. It is not related to user authentication (a session can exist without an authenticated user).

IntraWeb allows you to change the session ID after some event (e.g. user authentication). Will this satisfy your requirements? But the cookie is still linked to the session (i.e. it is a session cookie not a user cookie).
Hi Alexandre,
A new session ID and a new session cookie generated after authentication would satisfy our requirements. This would also require destruction of the initial ID and cookie after authentication. How would I go about doing this in IntraWeb 14?
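
The rotation asked for in this thread, as an added example that is not part of the original posts and is not IntraWeb code: a minimal Python session store that issues a fresh CSPRNG-generated ID at login, destroys the pre-authentication ID, and checks that the new value is not a near-copy of the old one. The names `SessionStore`, `rotate_on_login` and `looks_derived` are hypothetical, and the sample cookie values are constructed.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (hypothetical; not IntraWeb's API)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # 32 bytes (256 bits) from the OS CSPRNG, URL-safe for use in a cookie.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate_on_login(self, old_sid, user):
        """Issue a fresh ID for the authenticated session; destroy the old one."""
        data = self._sessions.pop(old_sid, None)  # old ID is invalid from here on
        if data is None:
            raise KeyError("unknown or expired session")
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)  # independent of old_sid
        self._sessions[new_sid] = data
        return new_sid


def differing_positions(a, b):
    """Count positions at which two cookie values differ (length gap included)."""
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def looks_derived(old, new, min_fraction=0.5):
    """Flag a new ID that shares most of its characters with the old one."""
    longest = max(len(old), len(new), 1)
    return differing_positions(old, new) / longest < min_fraction


# Constructed sample mirroring the symptom in the question: only the last
# character changes between the pre- and post-authentication cookie.
CONSTRUCTED_PRE = "AbC123xyz0003"
CONSTRUCTED_POST = "AbC123xyz0008"

if __name__ == "__main__":
    store = SessionStore()
    pre = store.create()
    post = store.rotate_on_login(pre, "alice")
    print("old ID still valid:", store.get(pre) is not None)
    print("new ID looks derived:", looks_derived(pre, post))
    print("constructed pair looks derived:", looks_derived(CONSTRUCTED_PRE, CONSTRUCTED_POST))
```
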
