I am a little confused about storing stuff in cookies/sessions and how to
prevent spoofing of them.

A user logs in; his e-mail address or user id and password (md5'ed) are
checked against my database.

Assuming it matches, I then set a cookie with the user's id + email.

What is to stop someone from spoofing that cookie?  I obviously don't want
to put the password in a cookie .. can someone point me in the direction of
an article about this?  I've searched around, but I'm not finding stuff
about it from a spoofing-prevention / security aspect.
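
One way to make a cookie like the one described above tamper-evident, as an added example that is not part of the original post: the server appends an HMAC computed with a key only it holds, so a cookie whose id or e-mail has been changed fails verification. The key, field layout, lifetime and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo key (assumption): a real site loads a long random secret
# from server-side configuration and never sends it to the browser.
SECRET_KEY = b"constructed-demo-key-replace-me"
MAX_AGE = 3600  # assumed cookie lifetime in seconds


def b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign(payload):
    """HMAC-SHA256 over the encoded payload, keyed with the server secret."""
    digest = hmac.new(SECRET_KEY, payload.encode("utf-8"), hashlib.sha256).digest()
    return b64(digest)


def make_cookie(user_id, email, now=None):
    """Build 'payload.mac' where payload encodes user_id|email|issued_at."""
    issued = int(time.time() if now is None else now)
    payload = b64(f"{user_id}|{email}|{issued}".encode("utf-8"))
    return f"{payload}.{sign(payload)}"


def read_cookie(cookie, now=None):
    """Return (user_id, email) for an authentic, unexpired cookie, else None."""
    payload, sep, mac = cookie.partition(".")
    # Constant-time comparison; any edit to the payload changes the expected MAC.
    if not sep or not hmac.compare_digest(mac.encode("utf-8"), sign(payload).encode("utf-8")):
        return None
    # The MAC matched, so the payload is exactly what make_cookie() produced.
    text = base64.urlsafe_b64decode(payload).decode("utf-8")
    user_id, rest = text.split("|", 1)
    email, issued = rest.rsplit("|", 1)
    current = time.time() if now is None else now
    if current - int(issued) > MAX_AGE:
        return None  # stale cookie: force a fresh login
    return int(user_id), email


if __name__ == "__main__":
    cookie = make_cookie(42, "alice@example.com")  # constructed sample user
    print(cookie)
    print(read_cookie(cookie))
```

The cookie's contents remain readable by the client; the MAC only makes changes to them detectable.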


