Posted by Chris Shiflett on 04/11/05 19:05
Computer Programmer wrote:
> What is a better way to store password in a cookie?
This is one of the worst ideas people have, and if I'm guessing the
reasoning behind your question correctly, this will help:
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice
Keep in mind that cookies are included in a Cookie header within each
request that satisfies the criteria specified in a previous response's
Set-Cookie header. This means that cookies are exposed on every single
request, which can mean many times per page (embedded content such as
images are often served from the same domain).
Hope that helps.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
[Back to original message]
|