immanuelx2 Posted June 19, 2007 Share Posted June 19, 2007 I have a mysql database with a user id, email, password all that junk stored... If a user logs in, currently I have their userid stored as a cookie... I realize this is not safe because anyone can manually add a cookie of someone's user id.. So my question is, should i add a field to the database called "id_hash" or w/e and store the cookie as an md5('userid')? And then just compare that value with the database value stored? Or is there a better way of storing cookies for user logins..? I currently am not using sessions either and wondering if thats a problem or not... Link to comment https://forums.phpfreaks.com/topic/56246-what-should-i-store-as-_cookie/ Share on other sites More sharing options...
cooldude832 Posted June 19, 2007 Share Posted June 19, 2007 use sessions because sessions are initialized server side it removes that "hackability" of cookies, also if you want to be super secure make a log in session ID relative to that "session" as an added bonus. Link to comment https://forums.phpfreaks.com/topic/56246-what-should-i-store-as-_cookie/#findComment-277797 Share on other sites More sharing options...
immanuelx2 Posted June 19, 2007 Author Share Posted June 19, 2007 i thought that sessions are destroyed soon as the browser is closed Link to comment https://forums.phpfreaks.com/topic/56246-what-should-i-store-as-_cookie/#findComment-277808 Share on other sites More sharing options...
cooldude832 Posted June 19, 2007 Share Posted June 19, 2007 there are adjustments you can make to sessions to keep them alive using the DOM read up on php.net about them for more details, Link to comment https://forums.phpfreaks.com/topic/56246-what-should-i-store-as-_cookie/#findComment-277811 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.