i have blog requires users login view content. page checks cookie, if cookie exists shows content (to avoid users having login repeatedly).
i want send out email subscribers links new posts. possible me create cookie when open email or click link , recognize cookie on website prevent requirement of them needing login?
no.
most email clients capable of rendering html not, default, load remote content or run scripts. , using javascript cookie authentication inherently insecure anyway.
give link click on in email one-time-password , set http-only, secure cookie page url links to.
Comments
Post a Comment