A short question this time:
How much of a security risk is it when an third party gets access to WordPress auth cookie?
Can they for example simply copy the cookie and "be" logged in as the user who was the original cookie owner?
I ask this because i'm planning on passing the auth cookie value between different servers.
A short question this time:
How much of a security risk is it when an third party gets access to WordPress auth cookie?
Can they for example simply copy the cookie and "be" logged in as the user who was the original cookie owner?
I ask this because i'm planning on passing the auth cookie value between different servers.
Share Improve this question asked Feb 11, 2019 at 16:43 Tinus TateTinus Tate 1135 bronze badges1 Answer
Reset to default 2Can they for example simply copy the cookie and "be" logged in as the user who was the original cookie owner?
Yes! with the cookie they basically have your login session. You do not want 3rd parties to get the cookie. Keep in mind there is more than 1 cookie, for frontend and for backend.
I ask this because i'm planning on passing the auth cookie value between different servers.
I would advise against sending the actual cookie across servers. This sounds like an XY problem question, where instead of asking how to solve problem X, you asked how to implement or fix solution Y. There are better ways to handle users across multiple servers ( some of which are a part of how cookies work ), but it would depend on what you're doing that necessitates this, you'd need to ask a new question ( possibly on another stack )