Re: [PHP] update password cookie

--- John Kaspar <[EMAIL PROTECTED]> wrote: > I'm just storing its hash. Then comparing it to the database hash. > Is that bad? Yes, but the risk is not so much that the user's password is in danger of being acquired, but rather than this step is not necessary to impersonate the user. This hash of

RE: [PHP] update password cookie

John Kaspar on Thursday, September 18, 2003 4:05 PM said: > I'm just storing its hash. Then comparing it to the database hash. > Is that bad? Is there a good write-up somewhere discussing > authentication techniques that you could recommend? Oh I should respond to

RE: [PHP] update password cookie

John Kaspar on Thursday, September 18, 2003 4:05 PM said: > Yahoo makes you reenter your password every time you reopen your > browser. I'll check other sites though. Thanks for the advice. As it should. You don't want to store password information in a cookie, th

Re: [PHP] update password cookie

I'm just storing its hash. Then comparing it to the database hash. Is that bad? Is there a good write-up somewhere discussing authentication techniques that you could recommend? Yahoo makes you reenter your password every time you reopen your browser. I'll check other sites though. Thanks

Re: [PHP] update password cookie

--- John Kaspar <[EMAIL PROTECTED]> wrote: > My question is - how do I update the password cookie without having to > ask whether or not they want to remember it again? How can I find out > when the current cookie expires? First, I hope you're not storing a password in a cookie, since it sounds

[PHP] update password cookie

When my users log in, they enter their username and password, and click a checkbox to remember the login in the future. If the remember checkbox is left unchecked, the cookie expire is set to zero. I also have a page where they can change the password. My question is - how do I update the passw