Posted by floortje on 10/31/07 20:56

Op 2007-10-31 21:30:58 +0100, zei "Sanders Kaufman" <bucky@kaufman.net>:
>> of the username, ip and supersecret
>> match the hd5hash in the cookie
>
> I use a "loginCookieValue" (UUID) in the users database.
> Every page-view gets a new one.
> That way - even if a would-be hacker steals a "session" for one page, it
> won't be good for the next.

Even better offcourse but i'd still check the ip.

Floortje

• Next in forum: Re: Multiple Domains; 1 Server; 1 PHP Install; Only One Domain Has A Working PHP; WHY??????
• Prev in forum: Re: how to create 'remember login' functionality during login
• Thread view: Re: how to create 'remember login' functionality during login

[Reply to this message]