Anyone?  Can someone at least point me to some web article for
recommendations?  I saw some examples where a password variable was stored,
but is that really safe (as long as I MD5 it first?)


-----Original Message-----
From: Chad Day [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 12:30 PM
Subject: [PHP] Sessions / logins / cookies / security

I asked something similar a little while ago, but didn't do a good job

What I'm looking to do is when a user logs in, I start up the session.. I
then have the registered session var to verify they are authenticated as
they move throughout the site.

Now, when they close the browser and come back, I want them to still be
authenticated.  Obviously, I have to set a cookie.  But what do I set?  Do I
set just their user ID?  The MD5 of their password?  What's the most secure
way, that's not easily spoofed?  I don't know that much about cookies, but
if I just use a user ID, couldn't someone just change that ID value and
'become' another user?

Thanks for any advice,

PHP General Mailing List (
To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to