Reply to Re: [PHP] Storing password in cookie

Your name:

Reply:


Posted by Andy Pieters on 04/09/05 08:51

On Saturday 09 April 2005 02:18, Computer Programmer wrote:
> What is a better way to store password in a cookie?
>
> md5()?
> base64_encode()?
> mhash()?
> mcrypt_generic()?
> crypt()?

It doesn't matter how you encrypt it.

DO NOT STORE PASSWORDS ON USERS COMPUTER

I hope that's clear enough.

What you can do, and in fact I do for production sites is when the user logs
on, you create an unique identifier and make a hash from it using your
favorite encryption method. (sha1, md5, crc32). I like sha1.

Save that hash in a temporary table and link it to the user's ID. Set an
exipry date and extend that on each subsequencial request.

Additionally you can save the IP number there as well. But that can lead to
issues if they are connected trough a firewall, router, or proxy.

Think of it as assigning a temporary password, only it is transparent to the
user.

Structure

Login
Password Validated
Create unique id
save in connections table
set cookie with unique id and userid

Page Request
Check for cookie
lookup unique id in connections table
id expired? No -> User still loged in
No Cookie
Do Login

This way, you automatically log out users that are logging in on another
computer.

Kind regards


Andy

--
Registered Linux User Number 379093
--
Feel free to check out these few
php utilities that I released under the GPL2 and
that are meant for use with a php cli binary:
http://www.vlaamse-kern.com/sas/
--

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация