As a general rule it is always good to store data that is secure in a encrypted
format. My website for example uses a mysql database and I store the encrypted mysql
password in the cookie so I get somethign like 435gcg34tsskhj57 to equal 123. It's
secure, regardless of who the owner is.
----- Original Message -----
From: Leif K-Brooks
Sent: Saturday, June 15, 2002 5:53 AM
To: Justin French
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Downside to using login sessions?
I'm currently storing the username and password directly in cookies (the
password isn't even md5()'d). I'm just wondering if there's security
risks/whatever in sessions. I've seen that most sites seem to store the
login data directly in the cookie (with the password md5()'d). Is that
because there's something wrong with sessions, or did they just not use
them for no reason? Thanks.
Justin French wrote:
>How is it currently storing it?
>Sessions are fine, depending on how the code is written, and the obviouse
>downside to COOKIE based sessions is that they will break on non-cookie
>browsers, so a smarter move is to use URL based sessions.
>A more focused question will of course result in a more focused answer :)
>on 15/06/02 6:59 PM, Leif K-Brooks ([EMAIL PROTECTED]) wrote:
>>I am planning to change how my site stores logins to using sessions.
>>Are there any reasons not to do this? Reasons against it I should
>>know? Thanks for your input.
>Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com