YashasG98 / Multiplayer-Game-Server

A multiplayer game matchmaking server for Snake and Ladders and Connect Four

Find alternative of storing email in cookie #6

Closed YashasG98 closed 4 years ago

YashasG98 commented 5 years ago

Passing email to every page is an option

DelaMarc commented 4 years ago

Why don't you use session instead of cookie?

YashasG98 commented 4 years ago

Session also uses browser cookies, and hence two different players cannot use two tabs of the same browser to play the game. This was the problem we were trying to solve. The second player's cookies always replace the first player's and session info of the first is lost.

DelaMarc commented 4 years ago

Actually, that sounds like normal behaviour. Whenever a user is logged in with their account on any site, their data are saved inside cookies/session so they don't have to re-enter their credentials every time they open a new tab. If the email is simply passed to every page, there's a risk someone other than the user could use their account, if I understand well.

YashasG98 commented 4 years ago

Could you elaborate on the security concern?

DelaMarc commented 4 years ago

Well, from how I see it, a logged-in user could modify their email if passed through the URL, and thus use another user's account. So this would require extra checks, and if you don't want to use cookies at all, it'll be a pain to do (unless the password is asked on every page, which would be a pain for the user).

YashasG98 commented 4 years ago

@Shashwatha-Mitra thoughts on this?

Shashwatha-Mitra commented 4 years ago

@YashasG98, it's best we keep it the way it is right now. As @DelaMarc pointed out, it would've been a problem if we had done it by passing the email to each page.

YashasG98 commented 4 years ago

Alright, makes sense. Closing this issue.
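The "extra checks" discussed in this thread, as an added example that is not part of the original issue or the project's code: a handler that trusts an `email` URL parameter, beside one that accepts only a server-signed, expiring token carried in the URL, which keeps identity per tab without cookies. All names (`SERVER_KEY`, `TOKEN_TTL`, `issue_token`, `verified_identity`) and the sample addresses are assumptions; a token in a URL can still leak through browser history or the Referer header.

```python
import base64
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
TOKEN_TTL = 3600                      # assumption: token lifetime in seconds


def naive_identity(query):
    """Weak form: the identity is whatever email the URL carries."""
    return query.get("email")


def _tag(payload: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 over the encoded payload, hex-encoded."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()


def issue_token(email, now=None, key=SERVER_KEY):
    """Issued once, after the password check; placed in each page URL."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    payload = base64.urlsafe_b64encode(f"{expires}:{email}".encode())
    return f"{payload.decode()}.{_tag(payload, key).decode()}"


def verified_identity(query, now=None, key=SERVER_KEY):
    """Hardened form: return the email only for an untampered, unexpired token."""
    payload, sep, tag = query.get("token", "").partition(".")
    if not sep:
        return None
    # Constant-time comparison; a modified payload no longer matches its tag.
    if not hmac.compare_digest(_tag(payload.encode(), key), tag.encode()):
        return None
    expires, _, email = base64.urlsafe_b64decode(payload).decode().partition(":")
    if int(expires) < (time.time() if now is None else now):
        return None
    return email


if __name__ == "__main__":
    # Constructed sample: alice logs in, then edits the URL to claim bob's account.
    print(naive_identity({"email": "bob@example.com"}))      # accepted as bob
    token = issue_token("alice@example.com")
    print(verified_identity({"token": token}))               # alice@example.com
    forged = base64.urlsafe_b64encode(b"9999999999:bob@example.com").decode()
    print(verified_identity({"token": forged + "." + token.split(".")[1]}))  # None
```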