What are signed cookies and why are they useful?

Question

In some presentation from EuroPython "signed cookies" have been mentioned. Since googling didn't help -- I haven't found anything besides "yes, they are cool, this is how you do it", most in context of Django -- maybe someone on StackOverflow has a good explanation for me.

So, what are signed cookies, why would I want to use them, how are the downsides?

Perhaps answered here: http://stackoverflow.com/questions/3240246/signed-session-cookies-a-good-idea — peterp, Jun 24 '11 at 13:43

score 3 · Answer 1 · answered Jun 24 '11 at 13:46

3

A signed cookies provides a mechanism where you can trust the data in a cookie from a client.

The upsides are that you wouldn't necessarily have to store any session information on your server.

The downside is that you should keep the cookie data to a minimum.

answered Jun 24 '11 at 13:46

peterp

3,145
1
20
24

2

Another downside is that they are often implemented incorrectly. – Tom Hawtin - tackline Jun 24 '11 at 14:21

What are signed cookies and why are they useful?

1 Answers1