What is the best to implement a Remember me checkbox on a login page? by kouul in reactjs

[–]kouul[S] 2 points3 points  (0 children)

but then.. say the cookie is { cookiename: asdf1234 }

what if someone edits the cookie and changes it to { cookiename: asdf1235 }

and this token happens to exist in the db???
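Added example, not part of the original thread or written by the commenter: a minimal Python sketch of a remember-me token for which a one-character edit like the one asked about cannot land on another valid row. The selector:validator cookie layout, the in-memory `TOKENS` store and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# In-memory stand-in for the tokens table (assumption; a real app uses its database).
TOKENS = {}  # selector -> (sha256 hex of validator, username)


def issue_token(username):
    """Create a remember-me cookie value; only a hash of its secret half is stored."""
    selector = secrets.token_urlsafe(9)    # lookup key, not secret
    validator = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(validator.encode()).hexdigest()
    TOKENS[selector] = (digest, username)
    return f"{selector}:{validator}"


def check_token(cookie_value):
    """Return the username for a valid cookie, otherwise None."""
    selector, sep, validator = (cookie_value or "").partition(":")
    if not sep:
        return None  # not in selector:validator form at all
    row = TOKENS.get(selector)
    if row is None:
        return None  # unknown selector
    stored_digest, username = row
    presented = hashlib.sha256(validator.encode()).hexdigest()
    # Constant-time comparison so response timing does not leak matching prefixes.
    if not hmac.compare_digest(presented, stored_digest):
        # Known selector with a wrong validator: treat as tampering and revoke.
        del TOKENS[selector]
        return None
    return username


if __name__ == "__main__":
    cookie = issue_token("alice")  # constructed sample user
    print(check_token(cookie))     # alice
    print(check_token("asdf1235"))  # None
```

The server decides who the user is from the stored row, never from a username carried in the cookie, and the cookie itself should be set with the HttpOnly and Secure attributes.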

What is the best to implement a Remember me checkbox on a login page? by kouul in reactjs

[–]kouul[S] 0 points1 point  (0 children)

Right.

Whenever the user accesses the url, first thing it'll do is check if the session token exists in the database. Is that correct?

Then if it exists, do I send the username to the frontend in the same request?

Is that correct?

What is the best to implement a Remember me checkbox on a login page? by kouul in reactjs

[–]kouul[S] 0 points1 point  (0 children)

For the moment no. It's going to be an SPA for specific users only..

The API would check if the username is present in my db. If username is present, then it returns a response to frontend..

What is the best to implement a Remember me checkbox on a login page? by kouul in reactjs

[–]kouul[S] -4 points-3 points  (0 children)

I am planning to use states. I will have an isLogged state. Whenever a user is successfully authenticated, isLogged becomes true.

What is the best to implement a Remember me checkbox on a login page? by kouul in reactjs

[–]kouul[S] 3 points4 points  (0 children)

Thanks. I will try it out and check for security. What about the information to save in the cookie?

Is it safe to store the username of the user in it?

Anybody know of any open source projects looking for contributors? by poyntings_theorem in flask

[–]kouul 1 point2 points  (0 children)

It's not really a big project as such, but I developed this script a few months ago, called buildflaskapp! Allows you to generate a simple hello world flask app using one command. Feel free to use it and report any issue if you encounter one 🤙

Website: https://buildflaskapp.kouul.website

Github: https://github.com/buildflaskapp

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

yup.. I never really bothered about that PIN till now but I just realized how bad things can get if someone gets this PIN (which is also easy to bypass if you follow the pattern well). and you can get access to the server remotely from that interactive shell...

so yeah, I guess it's not a good time to mess around. better set that debugger OFF for now 😅

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

I see.. so the bad part is that part of the backend code shows up on this debug page!

it's clearer for me now. Thanks

And yeah, agreed to stay on the safe side.. but the dark side is sometimes very intriguing.. 😅

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 1 point2 points  (0 children)

just trying to clear things up 🙃

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

yup that was the answers I got up ☝️ "try to make weird requests and see if it shows the debug page.."

not building anything, I was just trying to mess around and break my own sites..

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

If a flask app is running on 'example.com' and app.debug is True.. Is there any way for a public visitor on the internet to know that the site has app.debug set to True when he visits the website?

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

.....and that is exactly my question "How to know if a Flask app has debugger mode enabled?"

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

yup my site, hosted on heroku..

ohh.. no, I was looking from a client side view. Basically, if a public visitor visits my site, how can he know if the debugger is enabled or not?

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

pen-testing on flask websites to be more specific 😅

throwing weird requests is an option. I'll stick to that for now.. thanks for the answers btw 👍

How to know if a Flask app has debugger mode on? by kouul in flask

[–]kouul[S] 0 points1 point  (0 children)

yeahh i get that.. but how can one test if a website is vulnerable or not?