on 17/07/02 11:11 AM, Analysis & Solutions
([EMAIL PROTECTED]) wrote:

> On Wed, Jul 17, 2002 at 10:43:24AM +1000, Justin French wrote:
>> I set a
>> cookie on their system which remembers them, which is just their username
>> and an md5() of their pasword (the same data I add to the session).
> 
> OUCH!  Sending the password back out to the net is a scarry prospect.

Interesting -- I haven't actually implemented this on a live site, but was
about to in the next few days... might hold off :)

How else can you verify the user in a "remember me" situation?


Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to