> Is an auth cookie really just an encrypted cookie containing the user's ID? This is secure?

Wouldn't that depend on the level of encryption? And where the keys are stored? Theoretically, encrypt anything hard enough and you should be able to put it anywhere without worrying about security.
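
An added example, not part of the original posts, of the kind of cookie under discussion: a user ID and an expiry time sealed with AES-256-GCM under a key that stays on the server, so a modified, expired or foreign-key cookie is rejected. The function names, the `iv || tag || ciphertext` layout and the in-process key are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: a real server loads this 32-byte key from a secret store or
// environment variable; it is generated here only so the example runs offline.
const KEY = crypto.randomBytes(32);

// Seal {uid, exp} with AES-256-GCM. Output: base64url(iv || tag || ciphertext).
function sealCookie(userId, ttlSeconds, key = KEY, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every cookie
  const body = JSON.stringify({ uid: userId, exp: now + ttlSeconds * 1000 });
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the user ID, or null if the cookie is malformed, modified,
// sealed under a different key, or past its expiry.
function openCookie(value, key = KEY, now = Date.now()) {
  const raw = Buffer.from(String(value), 'base64url');
  if (raw.length < 12 + 16 + 1) return null; // too short to hold iv + tag + data
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ct = raw.subarray(28);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    // final() throws if the tag does not match the ciphertext and key
    const body = Buffer.concat([decipher.update(ct), decipher.final()]);
    const { uid, exp } = JSON.parse(body.toString('utf8'));
    if (typeof exp !== 'number' || now >= exp) return null;
    return uid;
  } catch {
    return null; // authentication failed or payload was not valid JSON
  }
}

// Test helper: flip one ciphertext bit to show that modification is detected.
function flipLastBit(value) {
  const raw = Buffer.from(value, 'base64url');
  raw[raw.length - 1] ^= 0x01;
  return raw.toString('base64url');
}
```
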