PDA

View Full Version : I just set a new cookie... is this OK?


LanciaStratos
11-30-2008, 02:48 AM
I just created this quick one-line plugin to store a user's group ID in a cookie, using the global_setup_complete hook. It works just like I wanted. Is there any inherent security risk in doing this, or any other issue I may have overlooked?


vbsetcookie('usergroupid', $vbulletin->userinfo['usergroupid']);


A quick reply is all I'm looking for. If it looks good to you, no need to elaborate. :D

Dismounted
11-30-2008, 03:01 AM
Why do you need to do that?

LanciaStratos
11-30-2008, 03:11 AM
I wanted an easy way to check the usergroupid of my visitors outside of forum pages, without bothering to include global.php and the overhead that incurs. I use the usergroupid to determine whether or not I need to display ads around my site.

Dismounted
11-30-2008, 03:39 AM
Anyone can change that cookie and "fool" your system.

LanciaStratos
11-30-2008, 04:01 AM
True, of course, but I'm going to bet that the number of users who figure that out will be too small to have any type of impact on ad impressions. Also, I'm still using vB's template conditionals in the forums, so the technique won't work there (of course, won't visiting vB pages also reset the cookie?). This is primarily designed to hide ads on my WordPress installation, which contains pages and posts that can get hit hard with traffic. If I can save a trip to my vB DB on all those page loads (most of which will come from unregistered, new visitors), it has to be a good thing.

Dismounted
11-30-2008, 04:27 AM
If you are only using it for displaying ads - it will be OK. Last thing, make sure you clear the cookie when logging out.

LanciaStratos
11-30-2008, 04:41 AM
Great point, I hadn't considered clearing the cookie! Would logout_process be the best hook to use for that?

Dismounted
11-30-2008, 10:11 AM
Would logout_process be the best hook to use for that?
Yes