Authentication mechanism


This section explain how the cookie authentication mechanism is handled in phpGraphy.

In order, to authenticate yourself with phpGraphy the first time, you must provide a valid login/password. Once you've prooved who you are, phpGraphy set a cookie on your computer with the CookieValue defined in the users base (See Managing users account). It's this CookieValue which is then used to identify you to the website. To resume, the user/password is used to get the Cookie from the site but if you can guess the cookie directly, it does lead to the same result: Authenticated Access to an account. When using the interface to create a new user, the generated cookie is complex enough to render brute-force attacks painful, but that can be destroyed if you don't pickup a strong-enough password.