Jump to content

Storing A Hashed Password In Cookie


Aljade

Recommended Posts

I am making a user login system and I thought a way to make a session/cookie more secure I could store the users password encoded with sha1 and verify it.

So for example when the user logged in I would make 2 sessions like so:
[code]$_SESSION['user_id'] = $user_id;
$_SESSION['secure_hash'] = $user_sha1_password;[/code]

Also if the user selected to automatically login I created 2 cookies:
[code]setcookie("autologin_userid", $user_id, time() + 31536000, "/Example", "example.com", 0);
setcookie("autologin_secure", $user_sha1_password, time() + 31536000, "/Example", "example.com", 0);[/code]

Then I would check the stored hashed password from cookies/sessions with the one that was stored in the database.

Now is this actually making my system more secure than if I just stored the user's id in the session/cookie or is it making it less secure?

Thank you!
Link to comment
https://forums.phpfreaks.com/topic/13145-storing-a-hashed-password-in-cookie/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.