
In my Rails web application, I need to enable more control over user authentication: after registration, a user will have specific credentials to log in, and he/she should be able to log in from a particular system (PC) only. This can prevent other users from logging in even if they know that user's credentials. Can we use cookies for this purpose? Will a cookie always be unique if we access a particular web app from a particular PC? Help me find a better solution.

Thanks in advance :)

Rajesh Omanakuttan

2 Answers


In my opinion, use cookies with caution, when you have no other options.

In this particular case (i.e. identifying a unique computer), I think you can identify it with 2 solutions:

  • A stupid cookie with a value you know. The problem with a cookie is that a user can simply copy/paste the cookie value to another computer to have the same access.
  • A unique key computed from computer data. You can create it from some accessible information about this computer: browser, browser plugins, browser version, operating system, etc. This key can then be stored as a cookie. You have to check that this key is valid according to your identification function. Copy/paste has no effect because the source information is not the same. The main problem with this solution is that it's 'too' secure: if the user changes their browser, adds a plugin, or changes their browser version, the function that computes the key will not work at all.

This is the second solution I use, with this information, for example Rails Browser Detection Methods or https://github.com/josh/useragent

pierallard

You can store a security token (md5 hash or something else) in the cookie, and check it for access.

Anton Igonin
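The two answers above (a security token kept in the cookie, and a key computed from browser data) can be combined as in the following sketch, which is an added example and not code from either answerer. It swaps the suggested MD5 hash for HMAC-SHA256 with a server secret and, to soften the "too secure" problem, hashes only the browser family and OS; `DEVICE_SECRET`, the function names and the sample User-Agent strings are all assumptions made for illustration.

```ruby
require "openssl"

# Assumption: a server-side secret (in Rails it would come from credentials).
DEVICE_SECRET = "constructed-demo-secret"

# Reduce a User-Agent string to coarse traits (browser family + OS) so that a
# routine browser update does not invalidate the binding.
def coarse_traits(user_agent)
  browser = case user_agent
            when /Firefox\// then "firefox"
            when /Edg\//     then "edge"
            when /Chrome\//  then "chrome"   # checked before Safari: Chrome UAs contain "Safari/"
            when /Safari\//  then "safari"
            else "other"
            end
  os = case user_agent
       when /Windows NT/ then "windows"
       when /Mac OS X/   then "macos"
       when /Linux/      then "linux"
       else "other"
       end
  "#{browser}|#{os}"
end

# Value stored in the cookie at registration: HMAC over user id and traits.
def issue_device_token(user_id, user_agent, secret = DEVICE_SECRET)
  OpenSSL::HMAC.hexdigest("SHA256", secret, "#{user_id}|#{coarse_traits(user_agent)}")
end

# Comparison that does not stop at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# At login: recompute the token from the current request, compare with the cookie.
def device_matches?(cookie_token, user_id, user_agent, secret = DEVICE_SECRET)
  secure_equal?(cookie_token.to_s, issue_device_token(user_id, user_agent, secret))
end

# Constructed sample User-Agent strings.
UA_REGISTERED = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Firefox/115.0"
UA_UPDATED    = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:116.0) Gecko/20100101 Firefox/116.0"
UA_OTHER_PC   = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
```

The coarser the traits, the more machines share the same value, and the traits come from a header the client sends, so this check works as an additional signal next to the password rather than as proof of a specific PC.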