Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I use to cookie for Remember Me functionality.
This is how i set the cookie:
$value = $dbusername.'|'.$dbpassword;
setcookie('abc', $value,time()+60*60*24*180, '/');
Retrieve cookie:
$cookie = $_COOKIE['abc'];
$values = explode("|", $cookie);
$username_ck = $values[0]; //ck stands for cookie
$password_ck = $values[1];
What is a good way to secure my cookies (username/password)?
The password in my database is stored in plain text. I don’t want to to encrypt the password in db.
First you should NEVER EVER store passwords in plain text db!
Second: you should NEVER EVER store passwords in plain text in cookies!
Third: if you use cookies to implement something like a remember me option you don’t need to store the password in the cookie, but rather a random token stored in both the db and the cookie which automatically gets invalidated every time the user logs on and also create a new one every time the user logs in.
Also did I already mention to NEVER EVER STORE PASSWORDS IN PLAIN TEXT?
EDIT
Please also checkout: http://jaspan.com/improved_persistent_login_cookie_best_practice
Which describes the best way of using cookies (basically a step-by-step explanation of what I already tried telling you). I say the best way since I haven’t found a better way yet 🙂