As a general rule it is always good to store data that is secure in an encrypted format. My website for example uses a MySQL database and I store the encrypted MySQL password in the cookie so I get something like 435gcg34tsskhj57 to equal 123. It's far more secure because cookies are on the user's computer and anything there is not secure, regardless of who the owner is.

----- Original Message -----
From: Leif K-Brooks
Sent: Saturday, June 15, 2002 5:53 AM
To: Justin French
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] Downside to using login sessions?

I'm currently storing the username and password directly in cookies (the password isn't even md5()'d). I'm just wondering if there's security risks/whatever in sessions. I've seen that most sites seem to store the login data directly in the cookie (with the password md5()'d). Is that because there's something wrong with sessions, or did they just not use them for no reason? Thanks.

Justin French wrote:

>How is it currently storing it?
>
>Sessions are fine, depending on how the code is written, and the obvious
>downside to COOKIE based sessions is that they will break on non-cookie
>browsers, so a smarter move is to use URL based sessions.
>
>A more focused question will of course result in a more focused answer :)
>
>Justin French
>
>
>on 15/06/02 6:59 PM, Leif K-Brooks ([EMAIL PROTECTED]) wrote:
>
>>I am planning to change how my site stores logins to using sessions.
>>Are there any reasons not to do this? Reasons against it I should
>>know? Thanks for your input.