Demonic
Posted April 17, 2008

Okay, I'm using sessions for a user system, right, and so far I know you need cookies to stay logged in. I'm worried about security. Is storing the md5 hash and user id in a cookie secure? Was thinking about what if someone tries throwing that hash into a rainbow table, getting the password. So I was thinking possibly setting a cookie for a week, but making them re-enter their password again after 24 hours, and storing the last time the user tried logging in in the database. Would this be pretty secure?

unidox
Posted April 17, 2008

Well, anything you store in cookies is insecure; anyone can copy the cookie and use it on their computer. But the hard part is someone actually getting ahold of those cookies. I would store the md5 with a salt and a username.

Demonic (Author)
Posted April 17, 2008

Oh yeah... well, this script has a custom random salt in the config for each install, so it's completely random each installation. I could use that. Thanks.

tinker
Posted April 17, 2008

"Is storing the md5 hash and user id in a cookie secure?"

The hash of what? If you're using a sess_id then also keep track of the last sess_id, so when they return, check against the last and update the cookie to the new one... then it's reset on every new browser session. You could do a length of time thing as well, just for good measure?
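
The check tinker describes above (compare the returning cookie against the last stored value, then replace it), combined with the one-week cookie and 24-hour password re-entry from the first post, as an added example that is not from any poster in this thread. It is written in Python and swaps the md5-of-password value for a random token; the in-memory `TOKENS` store and the function names are assumptions.

```python
import hashlib
import hmac
import secrets

COOKIE_LIFETIME = 7 * 24 * 3600   # cookie valid for a week (from the thread)
REAUTH_AFTER = 24 * 3600          # password required again after 24 hours

# Stand-in for the users table: user_id -> token record (constructed sample store).
TOKENS = {}

def _digest(token):
    # Only a hash of the random token is kept server-side.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_cookie(user_id, now, password_time=None):
    """Issue a fresh random token; the cookie never carries password material."""
    if password_time is None:
        # Rotation without a password prompt keeps the last password time.
        password_time = TOKENS.get(user_id, {}).get("password_time", now)
    token = secrets.token_urlsafe(32)
    TOKENS[user_id] = {"digest": _digest(token), "issued": now,
                       "password_time": password_time}
    return f"{user_id}:{token}"

def check_cookie(cookie, now):
    """Return (status, new_cookie); status is 'ok', 'reauth' or 'rejected'."""
    user_id, _, token = cookie.partition(":")
    record = TOKENS.get(user_id)
    if record is None or not token:
        return "rejected", None
    if not hmac.compare_digest(record["digest"], _digest(token)):
        # Unknown or already-rotated value, e.g. a copied cookie used late.
        return "rejected", None
    if now - record["issued"] > COOKIE_LIFETIME:
        TOKENS.pop(user_id, None)
        return "rejected", None
    status = "reauth" if now - record["password_time"] > REAUTH_AFTER else "ok"
    # Rotate on every accepted visit so each cookie value works only once.
    return status, issue_cookie(user_id, now)
```

After a successful password login, call `issue_cookie(user_id, now, password_time=now)` so the 24-hour clock restarts.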

tinker
Posted April 17, 2008

I just so happen to be reading this and I move onto page 45...